Customer Agreement

Effective starting: August 29, 2024

This Agreement is between Customer and Orthogramic. “Customer” means the entity on behalf of which this Agreement is accepted or, if that does not apply, the individual accepting this Agreement. “Orthogramic” means Swan Hickey Pty Ltd ACN 631 505 694 trading as Orthogramic.

If you (the person accepting this Agreement) are accepting this Agreement on behalf of your employer or another entity, you agree that:

  1. You have full legal authority to bind your employer or such entity to this Agreement.
  2. You agree to this Agreement on behalf of your employer or such entity.

If you are accepting this Agreement using an email address from your employer or another entity, then:

  1. you will be deemed to represent that party,
  2. your acceptance of this Agreement will bind your employer or that entity to these terms.
  3. the word “you” or “Customer” in this Agreement will refer to your employer or that entity.

By clicking on the “Agree” (or similar button or checkbox) that is presented to you at the time of placing an Order, downloading Products, or by using or accessing the Products, you confirm you are bound by this Agreement. If you do not wish to be bound by this Agreement, do not click “Agree” (or similar button or checkbox), download the Products, or use or access the Products.

1. Overview

This Agreement applies to Customer’s Orders for Products and related Support and Advisory Services.

2. Use of Products

2.1. Permitted Use.

Subject to this Agreement and during the applicable Subscription Term, Orthogramic grants Customer a non-exclusive, worldwide right to use the Products and related Support and Advisory Services for its and its Affiliates’ internal business purposes, in accordance with the Documentation and Customer’s Scope of Use.

2.2. Restrictions

Except to the extent otherwise expressly permitted by this Agreement, Customer must not (and must not permit anyone else to):

  1. rent, lease, sell, distribute or sublicense the Products or (except for Affiliates) include them in a service bureau or outsourcing offering.
  2. provide access to the Products to a third party, other than to Users.
  3. charge its customers a specific fee for use of the Products, but Customer may charge an overall fee for its own offerings (of which the Products are ancillary).
  4. use the Products to develop a similar or competing product or service.
  5. reverse engineer, decompile, disassemble or seek to access the source code or non-public APIs to the Products.
  6. modify or create derivative works of the Products.
  7. interfere with or circumvent Product usage limits or Scope of Use restrictions.
  8. remove, obscure or modify in any way any proprietary or other notices or attributions in the Products.
  9. violate the Acceptable Use Policy.

2.3. DPA

The DPA applies to Customer’s use of Products and related Support and Advisory Services and forms part of this Agreement.

3. Users

3.1. Responsibility

Customer may authorize Users to access and use the Products, in accordance with the Documentation and Customer’s Scope of Use. Customer is responsible for its Users’ compliance with this Agreement and all activities of its Users, including Orders they may place, apps and Third-Party Products enabled, and how Users access and use Customer Data.

3.2. Login Credentials

Customer must ensure that each User keeps its login credentials confidential and must promptly notify Orthogramic if it becomes aware of any unauthorized access to any User login credentials or other unauthorized access to or use of the Products.

3.3. Domain Ownership

Where a Product requires Customer to specify a domain (such as www.example.com) for the Product’s or a feature’s operation, Orthogramic may verify that Customer or an Affiliate owns or controls that domain. Orthogramic has no obligation to provide that Product or feature if Orthogramic cannot verify that Customer or an Affiliate owns or controls the domain. Product administrators appointed by Customer may also take over management of accounts previously registered using an email address belonging to Customer’s domain, which become “managed accounts” (or similar term), as described in the Documentation.

3.4. Age Requirements

The Products are not intended for use by anyone under the age of 16. Customer is responsible for ensuring that all Users are at least 16 years old.

4. Products

This Section 4 only applies to Products.

4.1. Customer Data

Orthogramic may process Customer Data to provide the Products and related Support or Advisory Services in accordance with this Agreement.

4.2. Security Program

Orthogramic has implemented and will maintain an information security program that uses appropriate physical, technical and organizational measures designed to protect Customer Data from unauthorized access, destruction, use, modification or disclosure, as described in its Security Processes. Orthogramic will also maintain a compliance program that includes independent third-party audits and certifications, as described in its Security Processes.

4.3. Service Levels

Where applicable, service level commitments for the Products are set out in the Service Level Agreement.

4.4. Data Retrieval

The Documentation describes how Customer may retrieve its Customer Data from the Products.

4.5. Removals and Suspension

Orthogramic has no obligation to monitor Customer Data. Nonetheless, if Orthogramic becomes aware that:

  1. Customer Data may violate Law, Section 2.2 (Restrictions), or the rights of others (including relating to a takedown request received following the guidelines for Reporting Copyright and Trademark Violations).
  2. Customer’s use of the Products threatens the security or operation of the Products,

then Orthogramic may:

  1. limit access to, or remove, the relevant Customer Data.
  2. suspend Customer’s or any User’s access to the relevant Products.

Orthogramic may also take any such measures where required by Law, or at the request of a governmental authority. When practicable, Orthogramic will give Customer the opportunity to remedy the issue before taking any such measures.

5. Not used

6. Customer Obligations

6.1. Disclosures and Rights

Customer must ensure it has made all disclosures and obtained all rights and consents necessary for Orthogramic to use Customer Data and Customer Materials to provide the Products, Support or Advisory Services.

6.2. Product Assessment

Customer is responsible for determining whether the Products meet Customer’s requirements and any regulatory obligations related to its intended use.

6.3. Sensitive Health Information and HIPAA

Unless the parties have entered into a ‘Business Associate Agreement,’ Customer must not (and must not permit anyone else to) upload to the Products (or use the Products to process) any patient, medical or other protected health information regulated by the Health Insurance Portability and Accountability Act.

7. Third-Party Code and Third-Party Products

7.1. Third-Party Code

This Agreement and the Third-Party Code Policy apply to open source software and commercial third-party software Orthogramic includes in the Products.

7.2. Third-Party Products

Customer may choose to use the Products with third-party platforms, apps, add-ons, services or products (“Third-Party Products”). Use of such Third-Party Products with the Products may require access to Customer Data and other data by the third-party provider, which, for Products, Orthogramic will permit on Customer’s behalf if Customer has enabled that Third-Party Product. Customer’s use of Third-Party Products is subject to the relevant provider’s terms of use, not this Agreement. Orthogramic does not control and has no liability for Third-Party Products.

8. Support and Advisory Services

Orthogramic will provide Support and Advisory Services as described in the Order and applicable Policies within the AEST (Australian Eastern Standard Time) timezone only. Orthogramic’s provision of Support or Advisory Services is subject to Customer providing timely access to Customer Materials and personnel reasonably requested by Orthogramic.

9. Ordering Process and Delivery

No Order is binding until Orthogramic provides its acceptance, including by sending a confirmation email, providing access to the Products, or making license or access keys available to Customer. No terms of any purchase order or other business form used by Customer will supersede, supplement, or otherwise apply to this Agreement or Orthogramic. Orthogramic will deliver login instructions or license keys for Products electronically, to Customer’s account (or through other reasonable means) promptly upon receiving payment of the fees.

10. Billing and Payment

10.1. Fees.

  1. Direct Purchases. If Customer purchases directly from Orthogramic, fees and any payment terms are specified in Customer’s Order with Orthogramic.
  2. Resellers. If Customer purchases through a Reseller, Customer must pay all applicable amounts directly to the Reseller, and Customer’s order details (e.g., Products and Scope of Use) will be specified in the Order placed by the Reseller with Orthogramic on Customer’s behalf.
  3. Renewals. Unless otherwise specified in an Order and subject to the Product, Support or Advisory Services continuing to be generally available, a Subscription Term will automatically renew at Orthogramic’s then current rates for: (i) if Customer’s prior Subscription was for a period less than twelve (12) months, another Subscription Term of a period equal to Customer’s prior Subscription Term, or (ii) if Customer’s prior Subscription Term was for twelve (12) months or more, twelve (12) months. Either party may elect not to renew a Subscription Term by giving notice to the other party before the end of the current Subscription Term. Customer must provide any notice of non-renewal through account settings in the Products, by contacting Orthogramic’s support team or by otherwise providing Orthogramic notice.
  4. Increased Scope of Use. Customer may increase its Scope of Use by placing a new Order or modifying (by mutual agreement with Orthogramic) an existing Order. Unless otherwise specified in the applicable Order, Orthogramic will charge Customer for any increased Scope of Use at Orthogramic’s then-current rates, prorated for the remainder of the then-current Subscription Term.
  5. Refunds. All fees and expenses are non-refundable, except as otherwise provided in this Agreement. For any purchases Customer makes through a Reseller, any refunds from Orthogramic payable to Customer relating to that purchase will be remitted by that Reseller, unless Orthogramic specifically notifies Customer otherwise at the time of refund.
  6. Credit Cards. If Customer uses a credit card or similar online payment method for its initial Order, then Orthogramic may bill that payment method for renewals, additional Orders, overages to scopes of use, expenses, and unpaid fees, as applicable.

10.2. Taxes

  1. Taxes Generally. Fees and expenses are exclusive of any sales, use, GST, value-added, withholding or similar taxes or levies that apply to Customer’s Orders. Other than taxes on Orthogramic’s net income, Customer is responsible for any such taxes or levies and must pay those taxes or levies, which Orthogramic will itemize separately, in accordance with an applicable invoice.
  2. Withholding Taxes. To the extent Customer is required to withhold tax from payment to Orthogramic in certain jurisdictions, Customer must provide valid documentation it receives from the taxing authority in such jurisdictions confirming remittance of withholding. This documentation must be provided at the time of payment of the applicable invoice to Orthogramic.
  3. Exemptions. If Customer claims exemption from any sales tax, VAT, GST or similar taxes under this Agreement, Customer must provide Orthogramic a valid tax exemption certificate or tax ID at the time of Order, and after receipt of valid evidence of exemption, Orthogramic will not include applicable taxes on the relevant Customer invoice.

10.3. Return Policy

Within thirty (30) days of its initial Order for a Product, Customer may terminate the Subscription Term for that Product, for any or no reason, by providing notice to Orthogramic. Following such termination, upon request (which may be made through Customer’s Orthogramic account), Orthogramic will refund Customer the amount paid for that Product and any associated Support under the applicable Order. Unless otherwise specified in the Policies, this return policy does not apply to Advisory Services.

10.4. Suspension for Non-payment

Orthogramic may suspend Customer’s rights to use Products or receive Support or Advisory Services if payment is overdue, and Orthogramic has given Customer no fewer than ten (10) days’ written notice.

11. Orthogramic Warranties

  1. 11.1 Performance Warranties. Orthogramic warrants to Customer that: (a) the Products will operate in substantial conformity with the applicable Documentation during the applicable Subscription Term, (b) Orthogramic will not materially decrease the functionality or overall security of the Products during the applicable Subscription Term, and (c) Orthogramic will use reasonable efforts designed to ensure that the Products, when and as provided by Orthogramic, are free of any viruses, malware or similar malicious code (each, a “Performance Warranty”).
  2. 11.2 Performance Warranty Remedy. If Orthogramic breaches a Performance Warranty and Customer makes a reasonably detailed warranty claim within 30 days of discovering the issue, Orthogramic will use reasonable efforts to correct the non-conformity. If Orthogramic determines such remedy to be impracticable, either party may terminate the affected Subscription Term. Orthogramic will then refund to Customer any pre-paid, unused fees for the terminated portion of the Subscription Term. These procedures are Customer’s exclusive remedy and Orthogramic’s entire liability for breach of a Performance Warranty.
  3. 11.3 Exclusions. The warranties in this Section 11 (Orthogramic Warranties) do not apply to: (a) the extent the issue or non-conformity is caused by Customer’s unauthorized use or modification of the Products, or (b) Third-Party Products.
  4. 11.4 Disclaimers. Except as expressly provided in this Section 11 (Orthogramic Warranties), the Products, Support and Advisory Services and all related Orthogramic services and deliverables are provided “AS IS.” Orthogramic makes no other warranties, whether express, implied, statutory or otherwise, including warranties of merchantability, fitness for a particular purpose, title or non-infringement. Orthogramic does not warrant that Customer’s use of the Products will be uninterrupted or error-free. Orthogramic is not liable for delays, failures or problems inherent in use of the internet and electronic communications or other systems outside Orthogramic’s control.

12. Term and Termination

  1. 12.1 Term. This Agreement commences on the date Customer accepts it and expires when all Subscription Terms have ended.
  2. 12.2 Termination for Convenience. Customer may terminate this Agreement or a Subscription Term upon notice for any reason. Subject to Section 10.3 (Return Policy), Customer will not be entitled to any refunds as a result of exercising its rights under this Section 12.2, and any unpaid amounts for the then-current Subscription Terms and any related service periods will become due and payable immediately upon such termination.
  3. 12.3 Termination for Cause. Either party may terminate this Agreement or a Subscription Term if the other party: (a) fails to cure a material breach of this Agreement (including a failure to pay fees) within 30 days after notice, (b) ceases operation without a successor, or (c) seeks protection under a bankruptcy, receivership, trust deed, creditors’ arrangement, composition or comparable proceeding, or if such a proceeding is instituted against that party and not dismissed within 60 days. If Customer terminates this Agreement or a Subscription Term in accordance with this Section 12.3, Orthogramic will refund to Customer any pre-paid, unused fees for the terminated portion of the Agreement or applicable Subscription Term.
  4. 12.4 Effect of Termination. Upon expiration or termination of this Agreement or a Subscription Term: (a) Customer’s rights to use the applicable Products, Support or Advisory Services will cease, (b) Customer must immediately cease accessing the Products. Following expiration or termination, unless prohibited by Law, Orthogramic will delete Customer Data in accordance with the Documentation.
  5. 12.5 Survival. These Sections survive expiration or termination of this Agreement: 2.2 (Restrictions), 4.2 (Security Program), 10.1 (Fees), 10.2 (Taxes), 11.4 (Disclaimers), 12.4 (Effect of Termination), 12.5 (Survival), 13 (Ownership), 14 (Limitations of Liability), 15 (Indemnification by Orthogramic), 16 (Confidentiality), 17.4 (Disclaimer), 18 (Feedback), 20 (General Terms) and 21 (Definitions).

13. Ownership

Except as expressly set out in this Agreement, neither party grants the other any rights or licenses to its intellectual property under this Agreement. As between the parties, Customer owns all intellectual property and other rights in Customer Data and Customer Materials provided to Orthogramic or used with the Products. Orthogramic and its licensors retain all intellectual property and other rights in the Products, any Support and Advisory Services deliverables and related source code, Orthogramic technology, templates, formats and dashboards, including any modifications or improvements.

14. Limitations of Liability

  1. 14.1 Damages Waiver. Except for Excluded Claims or Special Claims, to the maximum extent permitted by Law, neither party will have any liability arising out of or related to this Agreement for any loss of use, lost data, lost profits, interruption of business or any indirect, special, incidental, reliance or consequential damages of any kind, even if informed of their possibility in advance.
  2. 14.2 General Liability Cap. Except for Excluded Claims or Special Claims, to the maximum extent permitted by Law, each party’s entire liability arising out of or related to this Agreement will not exceed in aggregate the amounts paid to Orthogramic for the Products, Support and Advisory Services giving rise to the liability during the twelve (12) months preceding the first event out of which the liability arose. Customer’s payment obligations under Sections 10.1 (Fees) and 10.2 (Taxes) are not limited by this Section 14.2.
  3. 14.3 Excluded Claims. “Excluded Claims” means: (a) Customer’s breach of Section 2.2 (Restrictions) or Section 6 (Customer Obligations), (b) either party’s breach of Section 16 (Confidentiality) but excluding claims relating to Customer Data or Customer Materials, or (c) amounts payable to third parties under Orthogramic’s obligations in Section 15 (Indemnification by Orthogramic).
  4. 14.4 Special Claims. For Special Claims, Orthogramic’s aggregate liability under this Agreement will be the lesser of: (a) two times (2x) the amounts paid to Orthogramic for the Products, Support and Advisory Services giving rise to the Special Claim during the twelve (12) months preceding the first event out of which the Special Claim arose, and (b) US$5,000,000. “Special Claims” means any unauthorized disclosure of Customer Data or Customer Materials caused by a breach by Orthogramic of its obligations in Section 4.2 (Security Program).
  5. 14.5 Nature of Claims and Failure of Essential Purpose. The exclusions and limitations in this Section 14 (Limitations of Liability) apply regardless of the form of action, whether in contract, tort (including negligence), strict liability or otherwise and will survive and apply even if any limited remedy in this Agreement fails of its essential purpose.

15. Indemnification by Orthogramic

  1. 15.1 IP Indemnification. Orthogramic must: (a) defend Customer from and against any third-party claim to the extent alleging that the Products, when used by Customer as authorized by this Agreement, infringe any intellectual property right of a third party (an “Infringement Claim”), and (b) indemnify and hold harmless Customer against any damages, fines or costs finally awarded by a court of competent jurisdiction (including reasonable attorneys’ fees) or agreed in settlement by Orthogramic resulting from an Infringement Claim.
  2. 15.2 Procedures. Orthogramic’s obligations in Section 15.1 (IP Indemnification) are subject to Customer providing: (a) sufficient notice of the Infringement Claim so as to not prejudice Orthogramic’s defense of the Infringement Claim, (b) the exclusive right to control and direct the investigation, defense and settlement of the Infringement Claim, and (c) all reasonably requested cooperation, at Orthogramic’s expense for reasonable out-of-pocket expenses. Customer may participate in the defense of an Infringement Claim with its own counsel at its own expense.
  3. 15.3 Settlement. Customer may not settle an Infringement Claim without Orthogramic’s prior written consent. Orthogramic may not settle an Infringement Claim without Customer’s prior written consent if settlement would require Customer to admit fault or take or refrain from taking any action (other than relating to use of the Products).
  4. 15.4 Mitigation. In response to an actual or potential Infringement Claim, Orthogramic may, at its option: (a) procure rights for Customer’s continued use of the Products, (b) replace or modify the alleged infringing portion of the Products without reducing the overall functionality of the Products, or (c) terminate the affected Subscription Term and refund to Customer any pre-paid, unused fees for the terminated portion of the Subscription Term.
  5. 15.5 Exceptions. Orthogramic’s obligations in this Section 15 (Indemnification by Orthogramic) do not apply to the extent an Infringement Claim arises from: (a) Customer’s modification or unauthorized use of the Products, (b) use of the Products in combination with items not provided by Orthogramic (including Third-Party Products), or (c) Third-Party Products, Customer Data or Customer Materials.
  6. 15.6 Exclusive Remedy. This Section 15 (Indemnification by Orthogramic) sets out Customer’s exclusive remedy and Orthogramic’s entire liability regarding infringement of third-party intellectual property rights.

16. Confidentiality

16.1. Definition. “Confidential Information” means information disclosed by one party to the other under or in connection with this Agreement that: (a) is designated by the disclosing party as proprietary or confidential, or (b) should be reasonably understood to be proprietary or confidential due to its nature and the circumstances of its disclosure. Orthogramic’s Confidential Information includes any source code and technical or performance information about the Products. Customer’s Confidential Information includes Customer Data and Customer Materials.

16.2. Obligations. Unless expressly permitted by the disclosing party in writing, the receiving party must: (a) hold the disclosing party’s Confidential Information in confidence and not disclose it to third parties except as permitted in this Agreement, and (b) only use such Confidential Information to fulfill its obligations and exercise its rights in this Agreement. The receiving party may disclose such Confidential Information to its employees, agents, contractors and other representatives having a legitimate need to know (including, for Orthogramic, the subcontractors referenced in Section 20.11 (Subcontractors and Affiliates)), provided the receiving party remains responsible for their compliance with this Section 16 (Confidentiality) and they are bound to confidentiality obligations no less protective than this Section 16 (Confidentiality).

16.3. Exclusions. These confidentiality obligations do not apply to information that the receiving party can demonstrate: (a) is or becomes publicly available through no fault of the receiving party, (b) it knew or possessed prior to receipt under this Agreement without breach of confidentiality obligations, (c) it received from a third party without breach of confidentiality obligations, or (d) it independently developed without using the disclosing party’s Confidential Information. The receiving party may disclose Confidential Information if required by Law, subpoena or court order, provided (if permitted by Law) it notifies the disclosing party in advance and cooperates, at the disclosing party’s cost, in any reasonable effort to obtain confidential treatment.

16.4. Remedies. Unauthorized use or disclosure of Confidential Information may cause substantial harm for which damages alone are an insufficient remedy. Each party may seek appropriate equitable relief, in addition to other available remedies, for breach or anticipated breach of this Section 16 (Confidentiality).

17. Free or Beta Products

17.1. Access. Customer may receive access to certain Products or Product features on a free, fully discounted or trial basis, or as an alpha, beta or early access offering (“Free or Beta Products”). Use of Free or Beta Products is subject to this Agreement and any additional terms specified by Orthogramic, such as the applicable scope and term of use.

17.2. Termination or Modification. At any time, Orthogramic may terminate or modify Customer’s use of (including applicable terms) Free or Beta Products or modify Free or Beta Products, without any liability to Customer. For modifications to Free or Beta Products or Customer’s use, Customer must accept those modifications to continue accessing or using the Free or Beta Products.

17.3. Pre GA. Free or Beta Products may be inoperable, incomplete or include errors and bugs or features that Orthogramic may never release, and their features and performance information are Orthogramic’s Confidential Information.

17.4. Disclaimer. Notwithstanding anything else in this Agreement, to the maximum extent permitted by Law, Orthogramic provides no warranty, indemnity, service level agreement or support for Free or Beta Products and its aggregate liability for Free or Beta Products is limited to US$100.

18. Feedback

If Customer provides Orthogramic with feedback or suggestions regarding the Products or other Orthogramic offerings, Orthogramic may use the feedback or suggestions without restriction or obligation.

19. Publicity

Orthogramic may identify Customer as a customer of Orthogramic in its promotional materials. Orthogramic will promptly stop doing so upon Customer request sent to sales@orthogramic.com.

20. General Terms

20.1. Compliance with Laws. Each party must comply with all Laws applicable to its business in its performance of obligations or exercise of rights under this Agreement.

20.2. Assignment.

  1. Customer may not assign or transfer any of its rights or obligations under this Agreement or an Order without Orthogramic’s prior written consent. However, Customer may assign this Agreement in its entirety (including all Orders) to its successor resulting from a merger, acquisition, or sale of all or substantially all of Customer’s assets or voting securities, provided that Customer provides Orthogramic with prompt written notice of the assignment and the assignee agrees in writing to assume all of Customer’s obligations under this Agreement and complies with Orthogramic’s procedural and documentation requirements to give effect to the assignment.
  2. Any attempt by Customer to transfer or assign this Agreement or an Order, except as expressly authorized above, will be null and void.
  3. Orthogramic may assign its rights and obligations under this Agreement (in whole or in part) without Customer’s consent.

20.3. Governing Law, Jurisdiction and Venue.

  1. This Agreement is governed by the laws of the State of Victoria, Australia, with the jurisdiction and venue for actions related to this Agreement in the courts of Victoria, Australia.
  2. This Agreement will be governed by such laws without regard to conflicts of laws provisions, and both parties submit to the personal jurisdiction of the applicable courts. The United Nations Convention on the International Sale of Goods does not apply to this Agreement.

20.4. Notices.

(a) Except as specified elsewhere in this Agreement, notices under this Agreement must be in writing and are deemed given on: (i) personal delivery, (ii) when received by the addressee if sent by a recognized overnight courier with receipt request, (iii) the third business day after mailing, or (iv) the first business day after sending by email, except that email will not be sufficient for notices regarding Infringement Claims, alleging breach of this Agreement by Orthogramic, or of Customer’s termination of this Agreement in accordance with Section 12.3 (Termination for Cause).

(b) Notices to Orthogramic must be provided to legal@orthogramic.com.

(c) Notices to Customer must be provided to the billing or technical contact provided to Orthogramic, which may be updated by Customer from time to time in Customer’s account pages. However, Orthogramic may provide general or operational notices via email, on its website or through the Products.

20.5. Entire Agreement. This Agreement is the parties’ entire agreement regarding its subject matter and supersedes any prior or contemporaneous agreements regarding its subject matter. In the event of a conflict among the documents making up this Agreement, the main body of this Agreement (i.e., Sections 1 through 21, inclusive) will control, except that the Policies and DPA will control for their specific subject matter.

20.6. Other Orthogramic Offerings. Orthogramic makes available other offerings, including training services under the Training Services Policy.

20.7. Interpretation, Waivers and Severability. In this Agreement, headings are for convenience only and “including” and similar terms are to be construed without limitation. Waivers must be granted in writing and signed by the waiving party’s authorized representative. If any provision of this Agreement is held invalid, illegal or unenforceable, it will be limited to the minimum extent necessary so the rest of this Agreement remains in effect.

20.8. Changes to this Agreement.

(a) Orthogramic may modify this Agreement (which includes the Policies and DPA) from time to time, by posting the modified portion(s) of this Agreement on Orthogramic’s website. Orthogramic must use commercially reasonable efforts to post any such modification at least thirty (30) days prior to its effective date.

(b) For free subscriptions, modifications become effective during the then-current Subscription Term, in accordance with Orthogramic’s notice.

(c) For paid subscriptions:

(i) except as specified below, modifications to this Agreement will take effect at the next Order or renewal unless either party elects to not renew pursuant to Section 10.1(c) (Renewals), and

(ii) Orthogramic may specify that modifications will become effective during a then-current Subscription Term if: (A) required to address compliance with Law, or (B) required to reflect updates to Product functionality or introduction of new Product features. If Customer objects, Customer may terminate the remainder of the then-current Subscription Term for the affected Products as its exclusive remedy. To exercise this right, Customer must notify Orthogramic of its termination under this Section 20.8(c) within thirty (30) days of the modification notice, and Orthogramic will refund any pre-paid fees for the terminated portion of the applicable Subscription Term.

20.9. Force Majeure. Neither party is liable for any delay or failure to perform any obligation under this Agreement (except for a failure to pay fees) due to events beyond its reasonable control and occurring without that party’s fault or negligence.

20.10. Subcontractors and Affiliates. Orthogramic may use subcontractors or its Affiliates in the performance of its obligations under this Agreement, but Orthogramic remains responsible for its overall performance under this Agreement and for having appropriate written agreements in place with its subcontractors to enable Orthogramic to meet its obligations under this Agreement.

20.11. Independent Contractors. The parties are independent contractors, not agents, partners or joint venturers.

20.12. Export Restrictions. The Products may be subject to U.S. export restrictions and import restrictions of other jurisdictions. Customer must comply with all applicable export and import Laws in its access to, use of, and download of the Products or any content or records entered into the Products. Customer must not (and must not allow anyone else to) export, re-export, transfer or disclose the Products or any direct product of the Products: (a) to (or to a national or resident of) any U.S. embargoed jurisdiction, (b) to anyone on any U.S. or applicable non-U.S. restricted- or denied-party list, or (c) to any party that Customer has reason to know will use the Products in violation of U.S. export Law, or for any restricted end user under U.S. export Law.

20.13. Government End-Users. If Customer is a United States federal, state or local government customer, this Agreement is subject to, and is varied by, the Government Amendment.

20.14. No Contingencies. The Products, Support and Advisory Services in each Order are purchased separately and not contingent on purchase or use of other Orthogramic products and services, even if listed in the same Order. Customer’s purchases are not contingent on delivery of any future functionality or features.

21. Definitions

“Acceptable Use Policy” means Orthogramic’s Acceptable Use Policy.

“Advisory Services” means advisory services as described in the Advisory Services Policy.

“Advisory Services Policy” means Orthogramic’s Advisory Services Policy.

“Affiliate” means an entity that, directly or indirectly, owns or controls, is owned or is controlled by or is under common ownership or control with a party, where “ownership” means the beneficial ownership of more than fifty percent (50%) of an entity’s voting equity securities or other equivalent voting interests and “control” means the power to direct the management or affairs of an entity.

“Agreement” means this Orthogramic Customer Agreement, as well as the DPA and the Policies.

“Orthogramic Apps” means apps developed by Orthogramic for use with Products.

“Products” means Orthogramic’s products.

“Customer Data” means any data, content or materials provided to Orthogramic by or at the direction of Customer or its Users via the Products, including from Third-Party Products.

“Customer Materials” means materials and other resources that Customer provides to Orthogramic in connection with Support or Advisory Services.

“Documentation” means Orthogramic’s usage guidelines and standard technical documentation for the applicable Product available here.

“DPA” means the Data Processing Addendum.

“Laws” means all applicable laws, regulations, conventions, decrees, decisions, orders, judgments, codes and requirements of any government authority (federal, state, local or international) having jurisdiction.

“Order” means Orthogramic’s ordering document or online order specifying the Products, Support or Advisory Services to be provided under this Agreement, accepted by Orthogramic in accordance with Section 9 (Ordering Process and Delivery).

“Policies” means the Acceptable Use Policy, Advisory Services Policy, guidelines for Reporting Copyright and Trademark Violations, Privacy Policy, Security Processes, Service Level Agreement, Support Policy, and Third-Party Code Policy.

“Privacy Policy” means Orthogramic’s Privacy Policy.

“Products” means the applicable Products made available by Orthogramic in connection with an Order. Products also include Orthogramic Apps.

“Reseller” means a partner authorized by Orthogramic to resell Orthogramic’s Products, Support and Advisory Services to customers.

“Scope of Use” means Customer’s entitlements to the Products specified in an Order, which may include: (a) number and type of Users, (b) numbers of licenses, copies or instances, or (c) entity, division, business unit, field of use or other restrictions or billable units.

“Security Processes” means Orthogramic’s Security Processes.

“Service Level Agreement” means the service level commitments, if any, for a Product as described in the Service Level Agreement.

“Subscription Term” means the term for Customer’s use of or access to the Products and related Support and Advisory Services as identified in an Order.

“Support” means the level of support for the Products corresponding to Customer’s Scope of Use, as identified in the Support Policy.

“Support Policy” means the Orthogramic support offerings documentation available in the Support Policy.

“Third-Party Code Policy” means Orthogramic’s Third-Party Code Policy.

“User” means any individual that Customer authorizes to use the Products. Users may include: (i) Customer’s and its Affiliates’ employees, consultants, contractors and agents, (ii) third parties with which Customer or its Affiliates transact business, (iii) individuals invited by Customer’s users, (iv) individuals under managed accounts, or (v) individuals interacting with a Product as Customer’s customer.

Government Amendment

This Government Amendment (this “Amendment”) modifies the Orthogramic Customer Agreement or a written agreement executed by Orthogramic (each, the “Agreement”) and applies to United States federal, state, and local government Customers (“Government”) only to address statutory restrictions that apply to the Agreement.

The Government and Orthogramic are together referred to as the “Parties.” Accordingly, the Agreement is hereby modified as set forth below as it pertains to use by the Government. Orthogramic may update or modify this Amendment from time to time as set forth in the Agreement.

All capitalized terms used and not defined in this Amendment have the meanings given to them in the Agreement. Except as expressly set forth herein, all of the terms and conditions of the Agreement remain in full force and effect.

1. Commercial Items

The Products, Documentation, and related Support and Advisory Services are commercial in nature and available in the open marketplace. For U.S. federal Government Customers, the Products are “commercial computer software” as defined at 48 C.F.R. §§ 2.101 and 252.227-7014(a)(1) and as the term is used in 48 C.F.R. §§ 12.212 and 227.7202; the related Support and Advisory Services are “commercial services” as defined in 48 C.F.R. § 2.101; and the Documentation is commercial “computer software documentation” as defined in 48 C.F.R. §§ 2.101 and 252.227-7014(a)(5) and as used in 48 C.F.R. §§ 12.212 and 227.7202. The Products, Documentation, and related Support and Advisory Services are provided to all Government Customers and Users, for use by the Government or on its behalf, subject to the terms of this Agreement, and all sales to U.S. federal Government Customers must be consistent with 48 C.F.R. §§ 12.212, 227.7202, and 252.227-7015, as applicable. The Products, Documentation, and related Support and Advisory Services are licensed to the Government with only those rights as granted to all other Customers and Users, according to the terms and conditions contained in the Agreement.

2. Government Purpose

Government’s use of Products, Documentation, and related Support and Advisory Services under the Agreement as amended herein must only be for a governmental purpose. Any private, personal, or non-governmental purposes are not subject to this Amendment.

3. Liability, Statute of Limitations

Claims and liabilities arising from the Agreement will be determined under the Contract Disputes Act, the Federal Tort Claims Act, or the equivalent governing state or local legal authority and procedure. Federal statute of limitations provisions or, if applicable, state statute of limitations, apply to any breach or claim.

4. Governing Law

Any terms regarding choice of law and venue in the Agreement are hereby waived. The Agreement and this Amendment are governed by, and interpreted and enforced in accordance with, the laws applicable to Government without reference to conflict of laws. The laws of the State of California will apply in the absence of applicable law.

5. Intellectual Property Ownership

Except as expressly stated in the Agreement, no rights to any derivative works, inventions, products or product modifications, or documentation are conferred to Government or any other party. All such rights belong exclusively to Orthogramic.

6. Publicity Rights

No publicity rights are granted by either Party in this Agreement. Any publicity must be authorized in writing by the Parties prior to name or logo use.

7. Order of Precedence and Severability

7.1. Order of Precedence. If there is any conflict between this Amendment and the Agreement, or between this Amendment and other terms, rules or policies on the Orthogramic website or related to the Products or related services, this Amendment will prevail.

7.2. Severability. The terms and conditions of this Amendment and the Agreement apply except to the limited extent prohibited by Law. If and to the extent any term or condition of this Amendment or the Agreement is so prohibited, such term or condition will be deemed modified only to the extent reasonably necessary to conform to Law but to give maximum effect to the term or condition as written.

Service Level Agreement

1. Service Level Commitment

For Eligible Products (as listed in the table in Appendix A) Orthogramic must provide the following monthly uptime percentage to Customer (the “Service Level Commitment”):

Plan            Service Level Commitment
Professional    99.9%
Enterprise      99.95%

2. Service Credits

2.1. Eligibility. To be eligible to receive a service credit for Orthogramic’s failure to meet the Service Level Commitment (“Service Credit”), Customer must submit a ticket at https://support.orthogramic.com with all fields fully and accurately completed within fifteen (15) days after the end of the calendar month in which the alleged failure occurred and provide any other reasonably requested information or documentation (for instance, as described in Process to Get Compensation). Orthogramic’s monitoring and logging infrastructure is the sole source of truth for determining whether Orthogramic has met the Service Level Commitment.

2.2. Issuance. If Orthogramic confirms a failure to meet the Service Level Commitment, Orthogramic will apply the Service Credit, which will be calculated as described in Appendix B, against a future payment due from Customer for the affected Product, provided that Customer’s account is fully paid up, without any overdue payments or disputes. No refunds or cash value will be given for unused Service Credits. Service Credits may not be transferred or applied to any other Orthogramic account or Product. The aggregate maximum Service Credit applied to an invoice will not exceed 100% of the amount invoiced for the affected Product in that invoice billing period (which, since Service Credits are applied to future payments, is not the month in which the affected Product was unavailable).

2.3. Reseller Purchases. If Customer purchased the affected Product through a Reseller, (a) Customer or the Reseller may submit a ticket as described in Section 2.1 above; and (b) any Service Credit will be based on the fees invoiced by Orthogramic to the Reseller for Customer’s use of the affected Product under the Reseller’s applicable order(s) with Orthogramic. Orthogramic will issue any associated Service Credits to the Reseller (and not directly to Customer), and the Reseller will be solely responsible for issuing the appropriate amounts to Customer.

3. Exclusions

Customer is not entitled to Service Credits if Customer is in breach of the Agreement (as defined below) or has not provisioned the relevant Product. The Service Level Commitment does not include unavailability to the extent due to: (a) Customer’s use of the Products in a manner not authorized under the Agreement; (b) force majeure events or other factors outside of Orthogramic’s reasonable control, including internet access or related problems; (c) Customer equipment, software, network connections or other infrastructure; (d) Customer Data or Customer Materials (or similar concepts defined in the Agreement); (e) Third-Party Products; or (f) routine scheduled maintenance or reasonable emergency maintenance. The Service Level Commitment does not apply to (i) sandbox instances or Free or Beta Products (or similar concepts in the Agreement) or (ii) features excluded from the Service Level Commitment in the applicable Documentation.

4. Exclusive Remedies

Service Credits are Customer’s exclusive remedy and Orthogramic’s entire liability for Orthogramic’s failure to meet the Service Level Commitment.

5. Definitions

All capitalized terms used and not defined in this Service Level Agreement have the meanings given to them in the applicable agreement between Customer and Orthogramic for the relevant Products referencing this Service Level Agreement (“Agreement”).

Appendix A – Eligible Products and Covered Experiences

Eligible Product    Covered Experience*
Orthogramic         • Upload and edit documents
                    • View and edit business architecture domain data
                    • Chat

* Covered Experiences include browser-based experiences only (not, e.g., integrations, API calls or mobile versions).

Appendix B – Service Credits

Professional Plan Products

Monthly Uptime Percentage                             Service Credit*
Less than 99.9% but greater than or equal to 99.0%    10%
Less than 99.0% but greater than or equal to 95.0%    25%
Less than 95.0%                                       50%

Enterprise Plan Products

Monthly Uptime Percentage                             Service Credit*
Less than 99.95% but greater than or equal to 99.9%   5%
Less than 99.9% but greater than or equal to 99.0%    10%
Less than 99.0% but greater than or equal to 95.0%    25%
Less than 95.0%                                       50%

Calculation

The monthly uptime percentage indicated in the above tables is determined by subtracting from 100% the percentage of Downtime Minutes (as defined below) out of the total minutes in the relevant calendar month. This calculation is done independently for each Eligible Product. All calendar months are measured in the UTC time zone.

Example calculation

  • Total minutes in a 30-day calendar month: 43,200
  • Downtime Minutes in the same month: 60
  • Percentage of Downtime Minutes: 0.138889%
  • 100% minus 0.138889% results in a monthly uptime percentage of 99.86%
  • Subject to the terms of this Service Level Agreement, in this example, the customer is eligible for Service Credits equivalent to 10% of the monthly fees attributable to the affected Eligible Product for the month in which the failure occurred.

Definitions

  • Covered Experiences: are specified for each Eligible Product in Appendix A.
  • Downtime Minute: occurs when the Error Rate in a given minute is greater than 5%.
  • Error Rate: means, over a given 1-minute period, the percentage of Customer’s requests to Covered Experiences resulting in an error out of Customer’s total requests to those Covered Experiences. For example:
    • If all Covered Experiences were completely inoperable or unable to receive Customer’s requests, the Error Rate for that minute is 100%. It counts as a Downtime Minute for the affected Eligible Product.
    • If 10 of 100 requests by Customer to at least one Covered Experience were unsuccessful, the Error Rate for that minute is 10%. It counts as a Downtime Minute for the affected Eligible Product.
    • If 1 of 100 requests by Customer to at least one Covered Experience were unsuccessful, the Error Rate for that minute is 1%. It does not count as a Downtime Minute for the affected Eligible Product.
    • If Customer attempted no requests to any of the Covered Experiences over a minute, the Error Rate for that minute is 0%. It does not count as a Downtime Minute for the affected Eligible Product.

If you think you qualify for compensation, you need to submit two separate requests to get help and compensation:

  1. Report your problem and get help: Submit a technical support request during the incident at support.Orthogramic.com/contact.
  2. Request a compensation credit: After you submit a technical support ticket, you have until the 15th of the month following the problem to submit a compensation request. Submit a separate SLA compensation request, as explained in the next section.

You can only request SLA compensation for production instances of Professional and Enterprise products.

Advisory Services Policy

This Advisory Services Policy (this “Policy”) supplements the Orthogramic Customer Agreement, or another agreement entered between Customer and Orthogramic (the “Agreement”) and governs Orthogramic’s provision of advisory services in connection with Orthogramic Products (“Advisory Services”). This Policy controls in the event of a conflict with the Agreement. Capitalized terms used and not defined in this Policy have the meanings given to them in the Agreement.

Advisory Services include (a) standalone service offerings (such as plays, assessments, and workshops) (“Structured Advisory Services”) and (b) subscription plans (“On-Demand Advisory Services”). Certain On-Demand Advisory Services may include access to Structured Advisory Services. The scope of particular Advisory Services is indicated in the Order and in the applicable Advisory Services datasheet (available via the link above).

1. Subscription Term and Consumption Period

1.1. On-Demand Advisory Services. On-Demand Advisory Services begin on the start date indicated in the applicable Order and are provided on a continuing basis for the duration of the Subscription Term. Any Subscription Term for Advisory Services may only be renewed by mutual written agreement of the parties. Any renewal terms and conditions, including pricing, are subject to change.

1.2. Structured Advisory Services. Structured Advisory Services must be consumed within 12 months from the date of the Order. After this period, Customer will no longer have any access to the Structured Advisory Service.

2. Availability of Advisory Services Representatives

Advisory Services are offered during Business Hours (as defined below) and are delivered by Orthogramic product specialists such as engagement managers, solution strategists, and/or business architects (each, an “Advisory Services Representative”) following a kick-off meeting to be scheduled within 14 days from the date of the Order or the start of the Subscription Term, whichever is later. Orthogramic may designate different Advisory Services Representatives to provide Advisory Services (or portions thereof), depending on the particular services and Orthogramic Products in scope. Advisory Services may be provided remotely or, for certain types and/or On-Demand Advisory Services plans, on site, in each case, on a schedule mutually agreed between Orthogramic and Customer’s Account Representatives (as defined below). More information regarding on-site services delivery is included in Section 5 (Travel & Living Expenses). “Business Hours” means 9 am to 5 pm AEST (Australian Eastern Standard Time) on any day that is not an Orthogramic-designated holiday or weekend.

3. Account Representatives

Customer must designate up to two individuals to serve as key points of contact with the Advisory Services team (the “Account Representatives”). Customer must submit all requests through its Account Representatives, and Orthogramic will rely and act upon each Account Representative’s instructions. Customer must ensure that the Account Representatives have baseline technical knowledge of the Products associated with the Advisory Services.

4. Limitations of Advisory Services

Fees for Advisory Services are to secure the availability, and time and effort, of Advisory Services Representatives. Orthogramic will use commercially reasonable efforts to provide Advisory Services in a professional manner and to address Customer requests, but Orthogramic does not guarantee resolution of such requests. Actual areas of advice and guidance will depend on the ordered Advisory Services, as well as on Customer’s requests and needs. Topics that are not explicitly listed in an Advisory Services description or in an applicable Advisory Services datasheet are outside the scope of the related services.

5. Travel & Living Expenses

On-site services are not included in the Advisory Services unless agreed on a case-by-case basis. In such case, any pre-approved travel, lodging, and meal expenses incurred by an Advisory Services Representative may be invoiced directly to Customer, and Customer will reimburse Orthogramic for those expenses in accordance with the payment terms in the applicable Order for the Advisory Services.

6. Structured Advisory Services

6.1. General. Structured Advisory Services are standalone service offerings (such as plays, assessments, and workshops) to discuss the design and implementation of Customer’s deployment of Orthogramic Products or solutions.

6.2. Refund Policy. Customer may request a refund for Structured Advisory Services if Customer provides notice to Orthogramic via Customer’s Account Representative within 30 days of the date of the Order and before Orthogramic has commenced delivery.

7. Change Control Procedure

Changes to an Advisory Services engagement may be made only in writing executed by both parties (a “Change Order”), and Orthogramic has no obligation to commence work in connection with any change request until such time. A Change Order is not required for any reallocation by Customer among the various types of Structured Advisory Services available as part of a given On-Demand Advisory Services plan, provided that (i) Orthogramic has not commenced delivery, (ii) such reallocation is among Structured Advisory Services of equivalent medal (as indicated on the relevant datasheet), and (iii) it does not cause a change in the total fee for the Advisory Services as stated on the applicable Order. To request any such reallocation, Customer must provide written notice to Orthogramic via Customer’s Account Representatives, which request Orthogramic may confirm or deny in its discretion.

8. Customer Use Rights

As part of the Advisory Services, Orthogramic may provide reports, analyses, templates, technology, or other deliverables. Customer may use such deliverables only as part of its authorized use of the Products.

Data Processing Addendum

This Data Processing Addendum (“DPA”) supplements the Orthogramic Customer Agreement, or other agreement in place between Customer and Orthogramic covering Customer’s use of Orthogramic’s Products and related Support and Advisory Services (the “Agreement”). Unless otherwise defined in this DPA or in the Agreement, all capitalized terms used in this DPA will have the meanings given to them in Section 9 of this

1. Scope and Term

1.1 Roles of the Parties.

(a) Customer Personal Data. Orthogramic will Process Customer Personal Data as Customer’s Processor in accordance with Customer’s instructions as outlined in Section 2.1 (Customer Instructions).

(b) Orthogramic Account Data. Orthogramic will Process Orthogramic Account Data as a Controller for the following purposes: (i) to provide and improve the Products; (ii) to manage the Customer relationship (communicating with Customer and Users in accordance with their account preferences, responding to Customer inquiries and providing technical support, etc.), (iii) to facilitate security, fraud prevention, performance monitoring, business continuity and disaster recovery; and (iv) to carry out core business functions such as accounting, billing, and filing taxes.

(c) Orthogramic Usage Data. Orthogramic will Process Orthogramic Usage Data as a Controller for the following purposes: (i) to provide, optimize, secure, and maintain Orthogramic’s Products; (ii) to optimize user experience; and (iii) to inform Orthogramic’s business strategy.

(d) Description of the Processing. Details regarding the Processing of Personal Data by Orthogramic are stated in Schedule 1 (Description of Processing).

1.2 Term of the DPA. The term of this DPA coincides with the term of the Agreement and terminates upon expiration or earlier termination of the Agreement (or, if later, the date on which Orthogramic ceases all Processing of Customer Personal Data).

1.3 Order of Precedence. If there is any conflict or inconsistency among the following documents, the order of precedence is: (1) the applicable terms stated in Schedule 2 (Region-Specific Terms including any transfer provisions); (2) the main body of this DPA; and (3) the Agreement.

2. Processing of Personal Data

2.1 Customer Instructions. Orthogramic must Process Customer Personal Data in accordance with the documented lawful instructions of Customer as stated in the Agreement (including this DPA) and respective Orders, as necessary to (i) enable the use of various features and functionalities in accordance with the Documentation (including as directed by Users through the Products), (ii) provide Advisory Services or (iii) comply with its legal obligations. Orthogramic will notify Customer if it becomes aware, or reasonably believes, that Customer’s instructions violate Applicable Data Protection Law.

2.2 Confidentiality. Orthogramic must treat Customer Personal Data as Customer’s Confidential Information under the Agreement. Orthogramic must ensure personnel authorized to Process Personal Data are bound by written or statutory obligations of confidentiality.

3. Security

3.1 Security Processes. Orthogramic has implemented and will maintain appropriate technical and organizational measures designed to protect the security, confidentiality, integrity and availability of Customer Data and protect against Security Incidents. Customer is responsible for configuring the Products and using features and functionalities made available by Orthogramic to maintain appropriate security in light of the nature of Customer Data. Orthogramic’s current technical and organizational measures are described in Security Processes. Customer acknowledges that the Security Processes are subject to technical progress and development and that Orthogramic may update or modify the Security Processes from time to time, provided that such updates and modifications do not materially decrease the overall security of the Products during a Subscription Term.

3.2 Security Incidents. Orthogramic must notify Customer without undue delay and, where feasible, no later than seventy-two (72) hours after becoming aware of a Security Incident. Orthogramic must make reasonable efforts to identify the cause of the Security Incident, mitigate the effects and remediate the cause to the extent within Orthogramic’s reasonable control. Upon Customer’s request and taking into account the nature of the Processing and the information available to Orthogramic, Orthogramic must assist Customer by providing information reasonably necessary for Customer to meet its Security Incident notification obligations under Applicable Data Protection Law. Orthogramic’s notification of a Security Incident is not an acknowledgment by Orthogramic of its fault or liability.

4. Sub-processing

4.1 General Authorization. By entering into this DPA, Customer provides general authorization for Orthogramic to engage Sub-processors to Process Customer Personal Data. Orthogramic must: (i) enter into a written agreement with each Sub-processor imposing data protection terms that require the Sub-processor to protect Customer Personal Data to the standard required by Applicable Data Protection Law and to the same standard provided by this DPA; and (ii) remain liable to Customer if such Sub-processor fails to fulfill its data protection obligations with regard to the relevant Processing activities under the Agreement.

5. Assistance and Cooperation Obligations

5.1 Data Subject Rights. Taking into account the nature of the Processing, Orthogramic must provide reasonable and timely assistance to Customer to enable Customer to respond to requests for exercising a data subject’s rights (including rights of access, rectification, erasure, restriction, objection, and data portability) in respect to Customer Personal Data.

5.2 Cooperation Obligations. Upon Customer’s reasonable request, and taking into account the nature of the applicable Processing, Orthogramic will provide reasonable assistance to Customer in fulfilling Customer’s obligations under Applicable Data Protection Law (including data protection impact assessments and consultations with regulatory authorities), provided that Customer cannot reasonably fulfill such obligations independently with the help of available Documentation.

5.3 Third Party Requests. Unless prohibited by Law, Orthogramic will promptly notify Customer of any valid, enforceable subpoena, warrant, or court order from law enforcement or public authorities compelling Orthogramic to disclose Customer Personal Data. Orthogramic will follow its law enforcement guidelines in responding to such requests. In the event that Orthogramic receives an inquiry or a request for information from any other third party (such as a regulator or data subject) concerning the Processing of Customer Personal Data, Orthogramic will redirect such inquiries to Customer, and will not provide any information unless required to do so under applicable Law.

6. Deletion and Return of Customer Personal Data

6.1 During Subscription Term. During the Subscription Term, Customer and its Users may, through the features of the Products, access, retrieve or delete Customer Personal Data.

6.2 Post Termination. Following expiration or termination of the Agreement, Orthogramic must, in accordance with the Documentation, delete all Customer Personal Data. Notwithstanding the foregoing, Orthogramic may retain Customer Personal Data (i) as required by Applicable Data Protection Law or (ii) in accordance with its standard backup or record retention policies, provided that, in either case, Orthogramic will maintain the confidentiality of, and otherwise comply with the applicable provisions of this DPA with respect to retained Customer Personal Data and not further Process it except as required by Applicable Data Protection Law.

7. Audit

7.1 Audit Reports. Orthogramic is regularly audited by independent third-party auditors and/or internal auditors. Upon request, and on the condition that Customer has entered into an applicable non-disclosure agreement with Orthogramic, Orthogramic will supply a summary copy of relevant audit report(s) (“Report”) to Customer, so Customer can verify Orthogramic’s compliance with the audit standards against which it has been assessed, and this DPA. If Customer cannot reasonably verify Orthogramic’s compliance with the terms of this DPA, Orthogramic will provide written responses (on a confidential basis) to all reasonable requests for information made by Customer related to its Processing of Customer Personal Data, provided that such right may only be exercised no more than once every twelve (12) months.

7.2 On-site Audits. Only to the extent Customer cannot reasonably satisfy Orthogramic’s compliance with this DPA through the exercise of its rights under Section 7.1 above, or where required by Applicable Data Protection Law or a regulatory authority, Customer, or its authorized representatives, may, at Customer’s expense, conduct audits (including inspections) during the term of the Agreement to assess Orthogramic’s compliance with the terms of this DPA. Any audit must (i) be conducted during Orthogramic’s regular business hours, with reasonable advance written notice of at least sixty (60) calendar days (unless Applicable Data Protection Law or a regulatory authority requires a shorter notice period); (ii) be subject to reasonable confidentiality controls obligating Customer (and its authorized representatives) to keep confidential any information disclosed that, by its nature, should be confidential; (iii) occur no more than once every twelve (12) months; and (iv) restrict its findings to only information relevant to Customer.

8. International Provisions

To the extent Orthogramic Processes Personal Data protected by Applicable Data Protection Laws in one of the regions listed in Schedule 2 (Region-Specific Terms), the terms specified for the applicable regions will also apply, including the provisions relevant for international transfers of Personal Data (directly or via onward transfer).

8. Definitions

“Applicable Data Protection Law” means all Laws applicable to the Processing of Personal Data under the Agreement.

“Orthogramic Account Data” means Personal Data relating to Customer’s relationship with Orthogramic, including: (i) Users’ account information (e.g. name, email address, or Orthogramic’s account ID (AAID)); (ii) billing and contact information of individual(s) associated with Customer’s Orthogramic account (e.g. billing address, email address, or name); (iii) Users’ device and connection information (e.g. IP address); and (iv) content/description of technical support requests (excluding attachments) along with the Support Entitlement Number (SEN).

“Orthogramic Usage Data” means Personal Data relating to or obtained in connection with the use, performance, operation, support or use of the Products. Orthogramic Usage Data may include event name (i.e. what action Users performed), event timestamps, browser information, and diagnostic data. For clarity, Orthogramic Usage Data does not include Customer Personal Data.

“Controller” means the natural or legal person, public authority, agency, or other body which, alone or jointly with others, determines the purposes and means of the Processing of Personal Data.

“Customer Personal Data” means Personal Data contained in Customer Data and/or Customer Materials that Orthogramic Processes under the Agreement solely on behalf of Customer. For clarity, Customer Personal Data includes any Personal Data included in the attachments provided by Customer or its Users in any technical support requests.

“Personal Data” means information about an identified or identifiable natural person, or which otherwise constitutes “personal data”, “personal information”, “personally identifiable information” or similar terms as defined in Applicable Data Protection Law.

“Processing” (and “Process”) means any operation or set of operations which is performed on Personal Data or on sets of Personal Data, whether or not by automated means, such as collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, consultation, use, disclosure by transmission, dissemination or otherwise making available, alignment or combination, restriction, erasure, or destruction.

“Processor” means the entity which Processes Personal Data on behalf of the Controller.

“Security Incident” means any breach of security leading to the accidental or unlawful destruction, loss, alteration, unauthorized disclosure of, or access to Customer Data Processed by Orthogramic and/or its Sub-processors.

“Sub-processor” means any third party (including Orthogramic Affiliates) engaged by Orthogramic to Process Customer Personal Data.

Schedule 1 Description of Processing

Categories of data subjects whose Personal Data is Processed: Customer and its Users.

Categories of Personal Data Processed: Orthogramic Account Data, Orthogramic Usage Data, and Customer Personal Data.

Sensitive data transferred: Orthogramic Account Data and Customer Usage Data do not contain data (i) revealing racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade union membership, (ii) genetic data, biometric data Processed for the purposes of uniquely identifying a natural person, data concerning health, or data concerning a natural person's sex life or sexual orientation, or (iii) relating to criminal convictions and offences (altogether “Sensitive Data”). Subject to Section 6.3 of the Agreement (Sensitive Health Information and HIPAA), Customer or its Users may upload content to the Products which may include Sensitive Data, the extent of which is determined and controlled solely by Customer.

The frequency of the transfer: Continuous.

Nature of the Processing: Orthogramic will Process Personal Data in order to provide the Products and related Support and Advisory Services in accordance with the Agreement, including this DPA. Additional information regarding the nature of the Processing (including transfer) is described in respective Orders for relevant Products and Documentation referring to technical capabilities and features, including but not limited to collection, structuring, storage, transmission, or otherwise making available of Personal Data by automated means.

Purpose(s) of the Processing:

6.1. Customer Personal Data: Orthogramic will Process Customer Personal Data as Processor in accordance with Customer’s instructions as set out in Section 2.1 (Customer Instructions).

6.2. Orthogramic Account Data and Orthogramic Usage Data: Orthogramic will Process Orthogramic Account Data and Orthogramic Usage Data for the limited and specified purposes outlined in Section 1.1 (Roles of the Parties).

Duration of Processing:

7.1. Customer Personal Data: Orthogramic will Process Customer Personal Data for the term of the Agreement as outlined in Section 6 (Deletion and Return of Customer Personal Data).

7.2. Orthogramic Account Data and Orthogramic Usage Data: Orthogramic will Process Orthogramic Account Data and Orthogramic Usage Data only as long as required (a) to provide Products and related Support and Advisory Services to Customer in accordance with the Agreement; (b) for Orthogramic’s legitimate business purposes outlined in Section 1.1 (Roles of the Parties); or (c) by applicable Law(s).

Transfers to (Sub-)processors: Orthogramic will transfer Customer Personal Data to Sub-processors as permitted in Section 4 (Sub-processing).

Schedule 2 Region-Specific Terms

Unless otherwise defined in this DPA or in the Agreement, all capitalized terms used in this Schedule will have the meanings given to them in Section 4 of this Schedule.

1. Europe, United Kingdom and Switzerland.

1.1 Customer Instructions. In addition to Section 2.1 (Customer Instructions) of the DPA above, Orthogramic will Process Customer Personal Data only on documented instructions from Customer, including with regard to transfers of such Customer Personal Data to a third country or an international organisation, unless required to do so by Applicable Data Protection Law to which Orthogramic is subject; in such a case, Orthogramic shall inform Customer of that legal requirement before Processing, unless that law prohibits such information on important grounds of public interest. Orthogramic will promptly inform Customer if it becomes aware that Customer's Processing instructions infringe Applicable Data Protection Law.

1.2 European Transfers. Where Personal Data protected by the EU Data Protection Law is transferred, either directly or via onward transfer, to a country outside of Europe that is not subject to an adequacy decision, the following applies:

  • The EU SCCs are hereby incorporated into this DPA by reference as follows:
    • Customer is the “data exporter” and Orthogramic is the “data importer”.
    • Module One (Controller to Controller) applies where Orthogramic is Processing Orthogramic Account Data or Orthogramic Usage Data.
    • Module Two (Controller to Processor) applies where Customer is a Controller of Customer Personal Data and Orthogramic is Processing Customer Personal Data as a Processor.
    • Module Three (Processor to Processor) applies where Customer is a Processor of Customer Personal Data and Orthogramic is Processing Customer Personal Data as another Processor.
    • By entering into this DPA, each party is deemed to have signed the EU SCCs as of the commencement date of the Agreement.
  • For each Module, where applicable:
    • In Clause 7, the optional docking clause does not apply.
    • In Clause 9, Option 2 applies, and the time period for prior notice of Sub-processor changes is stated in Section 4 (Sub-processing) of this DPA.
    • In Clause 11, the optional language does not apply.
    • In Clause 17, Option 1 applies, and the EU SCCs are governed by Irish law.
    • In Clause 18(b), disputes will be resolved before the courts of Ireland.
    • The Appendix of EU SCCs is populated as follows:
      • The information required for Annex I(A) is located in the Agreement and/or relevant Orders.
      • The information required for Annex I(B) is located in Schedule 1 (Description of Processing) of this DPA.
      • The competent supervisory authority in Annex I(C) will be determined in accordance with the Applicable Data Protection Law; and
      • The information required for Annex II is located in Security Processes.

1.3 Swiss Transfers. Where Personal Data protected by the Swiss FADP is transferred, either directly or via onward transfer, to any other country that is not subject to an adequacy decision, the EU SCCs apply as stated in Section 1.2 (European Transfers) above with the following modifications:

  • All references in the EU SCCs to “Regulation (EU) 2016/679” will be interpreted as references to the Swiss FADP, and references to specific Articles of “Regulation (EU) 2016/679” will be replaced with the equivalent article or section of the Swiss FADP; all references to the EU Data Protection Law in this DPA will be interpreted as references to the FADP.
  • In Clause 13, the competent supervisory authority is the Swiss Federal Data Protection and Information Commissioner.
  • In Clause 17, the EU SCCs are governed by the laws of Switzerland.
  • In Clause 18(b), disputes will be resolved before the courts of Switzerland.
  • All references to Member State will be interpreted to include Switzerland and Data Subjects in Switzerland are not excluded from enforcing their rights in their place of habitual residence in accordance with Clause 18(c).

1.4 United Kingdom Transfers. Where Personal Data protected by the UK Data Protection Law is transferred, either directly or via onward transfer, to a country outside of the United Kingdom that is not subject to an adequacy decision, the following applies:

  • The EU SCCs apply as set forth in Section 1.2 (European Transfers) above with the following modifications:
    • Each party shall be deemed to have signed the UK Addendum.
    • For Table 1 of the UK Addendum, the parties’ key contact information is located in the Agreement and/or relevant Orders.
    • For Table 2 of the UK Addendum, the relevant information about the version of the EU SCCs, modules, and selected clauses which this UK Addendum is appended to is located above in Section 1.2 (European Transfers) of this Schedule.
    • For Table 3 of the UK Addendum:
      • The information required for Annex 1A is located in the Agreement and/or relevant Orders.
      • The information required for Annex 1B is located in Schedule 1 (Description of Processing) of this DPA.
      • The information required for Annex II is located in Security Processes.
      • The information required for Annex III is located in Section 4 (Sub-processing) of this DPA.
    • In Table 4 of the UK Addendum, both the data importer and data exporter may end the UK Addendum.

1.5 Data Privacy Framework. Orthogramic participates in and certifies compliance with the Data Privacy Framework. As required by the Data Privacy Framework, Orthogramic (i) provides at least the same level of privacy protection as is required by the Data Privacy Framework Principles; (ii) will notify Customer if Orthogramic makes a determination it can no longer meet its obligation to provide the same level of protection as is required by the Data Privacy Framework Principles, and (iii) will, upon written notice, take reasonable and appropriate steps to remediate any unauthorized Processing of Personal Data.

2. United States of America. The following terms apply where Orthogramic Processes Personal Data subject to the US State Privacy Laws:

2.1 To the extent Customer Personal Data includes personal information protected under US State Privacy Laws that Orthogramic Processes as a Service Provider or Processor, on behalf of Customer, Orthogramic will Process such Customer Personal Data in accordance with the US State Privacy Laws, including by complying with applicable sections of the US State Privacy Laws and providing the same level of privacy protection as required by US State Privacy Laws, and in accordance with Customer's written instructions, as necessary for the limited and specified purposes identified in Section 1.1(a) (Customer Personal Data) and Schedule 1 (Description of Processing) of this DPA. Orthogramic will not:

  • retain, use, disclose or otherwise Process such Customer Personal Data for a commercial purpose other than for the limited and specified purposes identified in this DPA, the Agreement, and/or any related Order, or as otherwise permitted under US State Privacy Laws;
  • “sell” or “share” such Customer Personal Data within the meaning of the US State Privacy Laws; and
  • retain, use, disclose or otherwise Process such Customer Personal Data outside the direct business relationship with Customer and not combine such Customer Personal Data with personal information that it receives from other sources, except as permitted under US State Privacy Laws.

2.2 Orthogramic must inform Customer if it determines that it can no longer meet its obligations under US State Privacy Laws within the timeframe specified by such laws, in which case Customer may take reasonable and appropriate steps to prevent, stop, or remediate any unauthorized Processing of such Customer Personal Data.

2.3 To the extent Customer discloses or otherwise makes available Deidentified Data to Orthogramic or to the extent Orthogramic creates Deidentified Data from Customer Personal Data, in each case in its capacity as a Service Provider, Orthogramic will:

  • adopt reasonable measures to prevent such Deidentified Data from being used to infer information about, or otherwise being linked to, a particular natural person or household;
  • publicly commit to maintain and use such Deidentified Data in a de-identified form and to not attempt to re-identify the Deidentified Data, except that Orthogramic may attempt to re-identify such data solely for the purpose of determining whether its de-identification processes are compliant with the US State Privacy Laws; and
  • before sharing Deidentified Data with any other party, including Sub-processors, contractors, or any other persons (“Recipients”), contractually obligate any such Recipients to comply with all requirements of this Section 2.3 (including imposing this requirement on any further Recipients).

3. South Korea

3.1 Customer agrees that it has provided notice and obtained all consents and rights necessary under Applicable Data Protection Law for Orthogramic to Process Orthogramic Account Data and Orthogramic Usage Data pursuant to the Agreement (including this DPA).

3.2 To the extent Customer discloses or otherwise makes available Deidentified Data to Orthogramic, Orthogramic will:

  • maintain and use such Deidentified Data in a de-identified form and not attempt to re-identify the Deidentified Data; and
  • before sharing Deidentified Data with any other party, including Sub-processors, contractors, or any other persons (“Recipients”), contractually obligate any such Recipients to comply with all requirements of this Section 3.2 (including imposing this requirement on any further Recipients).

4. Definitions.

4.1 Where Personal Data is subject to the laws of one of the following regions, the definition of “Applicable Data Protection Law” includes:

  • Australia: the Australian Privacy Act;
  • Brazil: the Brazilian Lei Geral de Proteção de Dados (General Personal Data Protection Act);
  • Canada: the Canadian Personal Information Protection and Electronic Documents Act;
  • Europe: (i) the Regulation 2016/679 of the European Parliament and of the Council on the protection of natural persons with regard to the Processing of Personal Data and on the free movement of such data (General Data Protection Regulation, or GDPR) and (ii) the EU e-Privacy Directive (Directive 2002/58/EC) as amended, superseded or replaced from time to time (“EU Data Protection Law”);
  • Japan: the Japanese Act on the Protection of Personal Information;
  • Singapore: the Singapore Personal Data Protection Act;
  • South Korea: the South Korean Personal Information Protection Act (“PIPA”) and the Enforcement Decrees of PIPA;
  • Switzerland: the Swiss Federal Act on Data Protection and its implementing regulations as amended, superseded, or replaced from time to time (“Swiss FADP”);
  • The United Kingdom: the Data Protection Act 2018 and the GDPR as saved into United Kingdom law by virtue of Section 3 of the United Kingdom's European Union (Withdrawal) Act 2018 as amended, superseded or replaced from time to time (“UK Data Protection Law”); and
  • The United States: all state laws relating to the protection and Processing of Personal Data in effect in the United States of America, which may include, without limitation, the California Consumer Privacy Act, as amended by the California Privacy Rights Act, and its implementing regulations (“CCPA”), the Virginia Consumer Data Protection Act, the Colorado Privacy Act, the Connecticut Data Privacy Act, and the Utah Consumer Privacy Act (“US State Privacy Laws”).

4.2 “Deidentified Data” means data that cannot reasonably be used to infer information about, or otherwise be linked to, a data subject.

4.3 “Data Privacy Framework” means the EU-U.S. Data Privacy Framework, the UK Extension to the EU-U.S. Data Privacy Framework, and the Swiss-U.S. Data Privacy Framework self-certification program operated by the US Department of Commerce.

4.4 “Europe” includes, for the purposes of this DPA, the Member States of the European Union and European Economic Area.

4.5 “EU SCCs” means the contractual clauses annexed to the European Commission's Implementing Decision 2021/914 of 4 June 2021 on standard contractual clauses for the transfer of Personal Data to third countries pursuant to Regulation (EU) 2016/679 of the European Parliament and of the Council, as amended, superseded, or replaced from time to time.

4.6 “Service Provider” has the same meaning as given in the CCPA.

4.7 “UK Addendum” means the International Data Transfer Addendum to the EU Commission Standard Contractual Clauses issued by the UK Information Commissioner, Version B1.0, in force 21 March 2022, as amended, superseded or replaced from time to time.

Acceptable Use Policy

Here at Orthogramic, our goal is to help you and your team do the best work of your lives, every day. To do this, we need to keep our products and services running smoothly, quickly, and without distraction. For this to happen, we need help from you, our users. We need you not to misuse or abuse our products and services.

To describe exactly what we mean by “misuse” or “abuse” – and help us identify such transgressions, and react accordingly – we’ve created this Acceptable Use Policy. Under this policy, we reserve the right to take action if we see objectionable content that is inconsistent with the spirit of the guidelines, even if it’s something that is not forbidden by the letter of the policy. In other words, if you do something that isn’t listed here verbatim, but it looks or smells like something listed here, we may still take action.

You’ll see the word “services” a lot throughout this page. That refers to all products and websites owned or operated by Orthogramic, and any related websites, sub-domains and pages, as well as any cloud services operated by Orthogramic.

Use your judgment, and let’s be kind to each other so we can keep creating great things. You can find all the legal fine print at the bottom of this page.

Here’s what we won’t allow:

Disruption

  • Compromising the security or operation of our systems. This could include probing, scanning, or testing the vulnerability of any system or network that hosts our services. This prohibition does not apply to security assessments expressly permitted by Orthogramic.
  • Tampering with, reverse-engineering, or hacking our services, circumventing any security or authentication measures, or attempting to gain unauthorized access to the services, related systems, networks, or data.
  • Modifying, disabling, or compromising the integrity or performance of the services or related systems, network or data.
  • Deciphering any transmissions to or from the servers running the services.
  • Overwhelming or attempting to overwhelm our infrastructure by imposing an unreasonably large load on our systems that consumes extraordinary resources (CPUs, memory, disk space, bandwidth, etc.), such as:
    • Using “robots,” “spiders,” “offline readers,” or other automated systems to send more request messages to our servers than a human could reasonably send in the same period of time by using a normal browser.
    • Going far beyond the use parameters for any given service as described in its corresponding documentation.
    • Consuming an unreasonable amount of storage for music, videos, or other content in a way that’s unrelated to the purposes for which the services were designed.

Wrongful activities

  • Misrepresentation of yourself, or disguising the origin of any content (including by “spoofing”, “phishing”, manipulating headers or other identifiers, impersonating anyone else, or falsely implying any sponsorship or association with Orthogramic or any third party).
  • Using the services to violate the privacy of others, including publishing or posting other people's private and confidential information without their express permission, or collecting or gathering other people’s personal information (including account names or information) from our services.
  • Using our services to stalk, harass, bully, or post direct, specific threats of violence against others.
  • Using the services in furtherance of any illegal purpose, or in violation of any laws (including without limitation data, privacy, and export control laws).
  • Accessing or searching any part of the services by any means other than our publicly supported interfaces (for example, “scraping”).
  • Using meta tags or any other “hidden text” including Orthogramic’s or our suppliers’ product names or trademarks.
  • Using the services for the purpose of providing alerts on disaster scenarios or any other situations directly related to health or safety, including but not limited to acts of terrorism, natural disasters, or emergency response.

Inappropriate communications

  • Using the services to generate or send chain letters or spam.
  • Soliciting our users for commercial purposes, unless expressly permitted by Orthogramic.
  • Disparaging Orthogramic or our partners, vendors, or affiliates.
  • Promoting or advertising products or services other than your own without appropriate authorization.

Inappropriate content

  • Posting, uploading, sharing, submitting, or otherwise providing content that:
    • Violates or infringes Orthogramic’s or a third party’s intellectual property or other rights, including any copyright, trademark, patent, trade secret, moral rights, privacy rights of publicity, or any other intellectual property right or proprietary or contractual right, or where we receive notice of alleged violation or infringement in accordance with Reporting Copyright and Trademark Violations.
    • You don’t have the right to submit.
    • Is false, misleading, deceptive, fraudulent, illegal, obscene, defamatory, libelous, threatening, harmful, sexually explicit (including child sexual abuse material, which we will remove and report to law enforcement and the National Center for Missing and Exploited Children), indecent, harassing, or hateful.
    • Depicts, promotes, or encourages serious harm or any form of violent, illegal, tortious, or dangerous conduct.
    • Attacks others based on their race, ethnicity, national origin, religion, sex, gender, sexual orientation, disability, medical condition, or other similar status.
    • Contains viruses, bots, worms, scripting exploits, or other similar materials.
    • Is intended to be inflammatory.
    • Could otherwise cause injury, damage, death, or credible risk of harm to Orthogramic, the services, its users, or any third party.
    • Has been previously removed for violating the policy.

In this Acceptable Use Policy, the term “content” means:

  • (1) any information, data, text, software, code, scripts, music, audio, sound, images, graphics, videos, recordings, messages, tags, interactive features, or other materials that you create, post, upload, share, submit, or otherwise provide in any manner to the services and
  • (2) any other materials, content, or data you provide to Orthogramic or use with the services. “Content” also includes submissions by others that you authorized or facilitated to use the services.

Orthogramic reserves the right to interpret the guidelines and take (or refrain from taking) action in its discretion. Without affecting any other remedies available to us, Orthogramic may permanently or temporarily remove or disable access to unacceptable content, or terminate or suspend a user’s account or access to the services, without notice or liability if Orthogramic (in its discretion) determines that a user has violated this Acceptable Use Policy. You agree to cooperate with us to investigate and remedy any violation.

Reporting Copyright and Trademark Violations

Orthogramic respects the rights of copyright and trademark holders, as described in this policy. This policy is incorporated by reference into the Orthogramic Customer Agreement (the “Agreement”). Terms used in this policy shall have the same definitions as in the Agreement or our Acceptable Use Policy, as applicable, except where otherwise noted.

Copyright

Orthogramic does not allow copyright infringing activities on Orthogramic’s Products or websites (our “Services”). We will remove a party’s data or content from our Services if properly notified that such data or content infringes on another's copyright rights. Orthogramic has a policy of terminating, in appropriate circumstances, the accounts of parties who repeatedly infringe copyright holders’ copyrights. You are a “repeat infringer” if, on more than two occasions, you have been notified of infringing activity or have had Your Data or content removed from our Services. Orthogramic also reserves the right to terminate Your accounts suspected of infringing copyrights upon the first incident without further notice, at our sole discretion.

If you believe that any content in our Services violates your copyright, you should notify Orthogramic's copyright agent in writing pursuant to the Digital Millennium Copyright Act (“DMCA”), 17 U.S.C. § 512(c)(3). The contact information for Orthogramic's copyright agent is at the bottom of this section.

In order for Orthogramic to take action, you must do the following in your notice:

  • (1) provide your physical or electronic signature;
  • (2) identify the copyrighted work that you believe is being infringed, or, if multiple copyrighted works are covered by the notice, a representative list of such works;
  • (3) identify the item that you think is infringing and which is to be removed or access to which is to be disabled, and include sufficient information about where the material is located (including which website) so that Orthogramic can find it (such as the item’s URL);
  • (4) provide Orthogramic with a way to contact you (such as address, telephone number, or email);
  • (5) provide a statement that you believe in good faith that the item identified as infringing is not authorized by the copyright owner, its agent, or the law to be used by Orthogramic; and
  • (6) provide a statement that the information you provide in your notice is accurate, and that under penalty of perjury, you are the copyright owner or are authorized to act on behalf of the copyright owner whose work is allegedly being infringed.

We will promptly notify the alleged infringer that you have claimed ownership of the rights in this content and that we have complied with your takedown notice for the content.

Here is the contact information for Orthogramic's copyright agent:

Swan Hickey Pty Ltd
101 Collins Street
Melbourne
Victoria 3000
Australia
Attn: Copyright Agent
E-Mail: legal@orthogramic.com

Trademark

Trademark owners should make an effort to directly contact an offending third party before submitting a trademark infringement report to Orthogramic.

If you are a trademark owner and you believe in good faith that any content on our Services infringes on your trademark rights, please inform us in writing at legal@orthogramic.com or at the notice address for Orthogramic indicated in the Agreement. Your notice must include:

  • Identification of the trademark(s) claimed to have been infringed, and, if registered with the United States Patent and Trademark Office or similar foreign entity, the registration number of the mark(s);
  • Identification of the material claimed to be infringing and information sufficient to permit Orthogramic to locate the material, such as the specific URL where the trademark appears on the Services;
  • A statement that the complaining party has a good faith belief that use of the trademark in the manner complained of is an infringement of the rights granted under United States or foreign trademark law;
  • A statement that the information in the letter is:
    • accurate, and
    • under penalty of perjury, that the complaining party is authorized to act on behalf of the owner of the allegedly infringed trademark; and
  • A physical or electronic signature of a person authorized to act on behalf of the owner of the trademark that is allegedly infringed.

Once you submit the report to Orthogramic, our team will begin a brief investigation and will take action that it deems appropriate under the circumstances. If more information is needed from you, we will reach out via e-mail.

Orthogramic reserves the right to reclaim usernames on behalf of businesses or individuals that hold legal claim or trademark on those usernames. Accounts using business names or logos to mislead others may be permanently suspended.

But please note that Orthogramic is not in a position to adjudicate complicated trademark disputes between third parties. Therefore, we are not in a position to act on reports that require a complex legal analysis or factual investigation. In those instances, we encourage you to contact the third party directly to try and resolve the matter. In fact, you should consider doing so even before filing a report with us, as it is often more effective in resolving the dispute.

If we decide to take down content in response to your report, please note that we will provide your report and contact information to the affected party, who may contact you directly regarding the matter.

Third-Party Code Policy

This Third-Party Code Policy supplements the Orthogramic Customer Agreement or another agreement entered between Customer and Orthogramic (the “Agreement”). Any capitalized terms used and not defined below have the meanings given to them in the Agreement. The Products contain code and libraries that Orthogramic licenses from third parties.

1. Open Source Software in the Products

  • Open Source Software. The Products include third-party technologies that are subject to separate open source or source available licenses that govern Customer’s use, replication, modification or creation of derivative works and redistribution of such third-party technologies (“Open Source Software”). Where required, Orthogramic provides attribution for the Open Source Software distributed with a Product in accordance with the applicable open source or source available license(s).
  • Source Code Requests. For Open Source Software subject to a license that gives Customer the right to receive the source code for the binary distributed to Customer, if the source code for the Open Source Software was not provided with the binary distribution, Customer may request a copy of the source code at support@orthogramic.com. To receive a copy, Customer must (a) provide the name of the Open Source Software for which Customer is requesting the source code, (b) identify the relevant Product and the date of Customer’s Order for that Product, and (c) provide its entity name (if applicable) and the name of the person making the request, as well as a return mailing address and email. Orthogramic may charge a fee to cover the cost of physical media and processing.

2. Combining the Products with Other Software

Customer may only modify the Products as expressly specified in the “Modifications” Section of the Agreement. In connection with any Modifications, Customer must not:

  • Combine or distribute the Products with any other software, including Open Source Software, where the combined software would be subject to any license that requires, as a condition of use or distribution, that the combined software be made available in source code form, or
  • Grant any third party any rights or waivers relating to any intellectual property or proprietary rights in the Products.

3. Commercial Third-Party Code in the Products

  • 3.1 Commercial Components. The Products also include components that Orthogramic licenses commercially from third parties (“Commercial Components”). Customer may use Commercial Components only in conjunction with and through the Products as provided by Orthogramic, and the restrictions for the Products in the Agreement also apply to Commercial Components. Commercial Components are also subject to the remainder of this Section 3.
  • 3.2 Restrictions. Customer must not (and must not permit anyone else to):
    • Install, access or attempt to access, configure or use any Commercial Component (including any APIs, tools, databases or other aspects of any Commercial Components) separately from the rest of the Product, whether for production, technical support or any other purpose, or
    • Modify any Commercial Component (even where provided in source code form).
  • 3.3 Commercial Component Licensors. The applicable third-party licensor (“Commercial Component Licensor”) retains all ownership and intellectual property rights to the Commercial Component. Commercial Component Licensors (and any other third party licensors of any components of the Products) are intended third party beneficiaries of the Agreement with respect to the items they license and may enforce the Agreement directly against Customer with respect to those items. Customer is responsible to the applicable Commercial Component Licensor for any breach of the Agreement (including this Section 3) with respect to the applicable Commercial Component(s). However, Commercial Component Licensors do not assume any of Orthogramic's obligations under the Agreement. To the maximum extent permitted by Law, no Commercial Component Licensor will be liable to Customer for any damages whatsoever.

Support Policy

Support offerings are bundled with Advanced, Professional, and Enterprise plans.

The Essential plan has access to self-help resources.

Advanced

9/5 regional

Professional

24/7 for high impact issues
Faster response times

Enterprise

24/7 for all technical issues
Dedicated senior support team
Fastest response times
Phone support

  • Support Packaging
    • Advanced: Bundled with paid Advanced software license
    • Professional: Bundled with paid Professional software license
    • Enterprise: Bundled with paid Enterprise software license
  • Support Team
    • Advanced: Cloud support team
    • Professional: Cloud support team
    • Enterprise: Dedicated senior team
  • Phone Support
    • Advanced: Not available
    • Professional: Not available
    • Enterprise: Dedicated phone number
  • Support Entitlements (who can raise support requests)
    • Advanced: Product and site admins of Standard product sites
    • Professional: Product and site admins of Premium product sites and organization admins
    • Enterprise: Product and site admins of Enterprise product sites and organization admins
  • Initial Response Time (IRT)
    • Advanced
      • L1: Application Down: 2 business hours
      • L2: Serious Degradation: 6 business hours
      • L3: Moderate Impact: 1 business day
      • L4: Low Impact / Inquiry: 2 business days
      • L5: How-to Questions: 3 business days
    • Professional
      • L1: Application Down: 1 hour
      • L2: Serious Degradation: 2 business hours
      • L3: Moderate Impact: 1 business day
      • L4: Low Impact / Inquiry: 2 business days
      • L5: How-to Questions: N/A
    • Enterprise
      • L1: Application Down: 30 minutes
      • L2: Serious Degradation: 2 hours
      • L3: Moderate Impact: 8 hours
      • L4: Low Impact / Inquiry: 24 hours
      • L5: How-to Questions: N/A
  • Technical Support Hours
    • Advanced: 9 hours per day Mon - Fri
    • Professional: L1: 24/7, L2: 24/5, L3 & L4: 9 hours Mon - Fri
    • Enterprise: 24/7

Entitlement for Community Support

Community Support is available to anyone who signs up.

Cloud Support Team

The Cloud Support Team includes our team of support engineers and, for L5 questions submitted by users of our Essential plan.

Initial Response Times

Orthogramic will use commercially reasonable efforts to meet the target initial response time for the applicable severity level:

  • Level 1: Production application down or major malfunction affecting business and high number of staff
  • Level 2: Serious degradation of application performance or functionality
  • Level 3: Application issue that has a moderate impact to the business
  • Level 4: Issue or question with limited business impact
  • Level 5: Question about how to use a specific product or feature

Technical Support Hours

Weekend Coverage: Applies to Enterprise and Professional Support programs. Weekend support does not include issues unrelated to technical support (i.e., Billing and Licensing). Weekends run from 5PM Friday until 10AM Monday Australian Eastern timezone (UTC+10 & UTC+11 DST).

9/5 Support: Hours of coverage include 8AM - 5PM Monday - Friday Australian Eastern timezone (UTC+10 & UTC+11 DST).

Enterprise Support Named Contacts

As part of your Enterprise purchase, we connect our top-tier engineers with the most knowledgeable individuals at your company. When you make your purchase, you give us the names of individuals most likely to contact our team. We limit the number of named contacts to three. If you need additional named contacts, you can purchase three at a time with additional Enterprise licenses.

Priority Support Key Benefits & Details

  • Mission Critical Coverage: Priority Support can be purchased for your most critical Orthogramic instances, ensuring you have elevated support when you need it.
  • Advanced Team for Critical Issues: All critical Priority Support tickets (L1/L2) will route directly to our most senior Support Engineers (24x5).
  • 24 x 7 Phone Support and Weekend Support for L1 Issues: Local regional phone numbers are given out to all Priority Support customers, and phones are covered 24x5 to guarantee that you can connect with an engineer directly to assist you with your Level 1 severity issues.
  • Screen-Sharing and Collaboration Phone Calls: Our team is highly accustomed to screen-sharing sessions with customers to reduce miscommunications and delays, which lowers resolution times.
  • Account On-boarding: All Priority Support customers receive a detailed on-boarding email that contains all the details necessary to engage with our team. The email also includes additional troubleshooting guidelines, best practices, and steps to help expedite ticket triage and resolution.

Governing Terms

Support is subject to the Orthogramic Customer Agreement or other applicable terms.

Support Includes

  • Updates for Products during the applicable Subscription period
  • Incident Support - Identifying and troubleshooting problems in the system
  • Root cause analysis
  • Assistance with issues during installation
  • Assistance with issues during upgrades
  • Identifying and creating needed bug reports
  • Guidance around implementation and configuration
  • Support is open to system administrators and account holders. End-users will be redirected to a system administrator.

Support Does Not Include

  • Beta releases
  • Customized versions of Orthogramic products (customized = original product code has been modified)
  • Development questions or requests
  • If a bug in the Orthogramic development API is believed to be the root cause, you must provide sample code that demonstrates the problem and can be replicated
  • Third-party application integrations or third-party apps
  • Support for end-users unfamiliar with business architecture concepts
  • Product training
  • Support in languages other than English and Japanese
  • Professional Services
  • Deployment & Capacity Planning

Fixing Bugs

Orthogramic Support will help with workarounds and bug reports at support@orthogramic.com.

New Feature Requests

We welcome new feature requests. Please contact us at support@orthogramic.com with your ideas.

Sub-processors

Third-Party Sub-processors

Orthogramic uses the third-party entities below (each, a “sub-processor”) to process personal data on behalf of Orthogramic customers and in accordance with contract terms between Orthogramic and the sub-processor to uphold Orthogramic’s commitments in the Data Processing Addendum.

Orthogramic carries out annual compliance reviews of its sub-processors, and where the engagement of a sub-processor requires the cross-border transfer of personal data, Orthogramic conducts Transfer Impact Assessments in accordance with applicable data protection law for these data transfers. Orthogramic imposes obligations on its sub-processors to implement appropriate technical and organizational measures ensuring that the sub-processing of personal data is protected to the standards required by applicable data protection laws.

The list below contains sub-processors for Orthogramic’s services. For each sub-processor below, processing of personal data will be for the duration of use of the applicable service(s) by the customer, and for the retention periods as set out in the customer’s agreement with Orthogramic and any product documentation. Further information relating to sub-processor Security Processes can be found via the external links below. Please note that if you use Orthogramic data residency, pinned data remains in your specified location.

  • Amazon Web Services, Inc.
    • Applicable Products: All Products
    • Nature and Purpose of Processing: Cloud hosting provider
    • Categories of Personal Data: Personal data contained in user account information and text or files created by customer and stored in all Products
    • Location of Processing: EEA (Sweden, Ireland and Germany), UK, Canada, Australia, Brazil, Singapore, South Korea, USA, India, Japan
    • Security Processes: AWS Compliance Programs
  • Cloudflare, Ltd.
    • Applicable Products: All Products
    • Nature and Purpose of Processing: Content delivery network provider
    • Categories of Personal Data: Personal data contained in user account information and text or files created by customer and stored in all Products
    • Location of Processing: Customer traffic is processed globally at the data center closest to the end user.
    • Security Processes: Certifications and Compliance Resources
  • Mailchimp
    • Applicable Products: All Products
    • Nature and Purpose of Processing: Communications technology provider for product notifications and video sharing over email
    • Categories of Personal Data: Personal data contained in product notice communications and user-initiated shared video recordings including associated comments and email messages
    • Location of Processing: USA
    • Security Processes: Mailchimp Security
  • Viral Loops
    • Applicable Products: All Products
    • Nature and Purpose of Processing: Communications technology provider for product notifications and video sharing over email
    • Categories of Personal Data: Personal data contained in referral email messages
    • Location of Processing: Canada
    • Security Processes: Data Privacy and GDPR
  • Segment
    • Applicable Products: All Products
    • Nature and Purpose of Processing: Data analytics distribution service
    • Categories of Personal Data: Personal data contained in user account information and text or files created by customer and stored in Applicable Products
    • Location of Processing: USA
    • Security Processes: Segment Trust Center
  • Twilio, Inc.
    • Applicable Products: All Products
    • Nature and Purpose of Processing: Communications technology provider for product notifications
    • Categories of Personal Data: Personal data contained in product notice communications
    • Location of Processing: USA, for support requests only: EEA and Singapore
    • Security Processes: Twilio Trust Center
  • Orthogramic
    • Applicable Products: All Products
    • Nature and Purpose of Processing: Customer service and technical support
    • Categories of Personal Data: Personal data contained in user account information and text or files created by customer and stored in all Products
    • Location of Processing: USA
    • Security Processes: Orthogramic Data Processing Addendum

Security Processes

Introduction

Security is an essential part of Orthogramic’s offerings. This page describes Orthogramic’s security program, certifications, policies, and physical, technical, organizational and administrative controls and measures to protect Customer Data from unauthorized access, destruction, use, modification or disclosure (the “Security Processes”). The Security Processes are intended to be in line with the commonly-accepted standards of similarly-situated software-as-a-service providers (“industry standard”), including NIST 800-53 controls.

Any capitalized terms used but not defined have the meanings set out in this Agreement or the Data Processing Addendum.

1. Access Control

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for the appropriate access control and protection of Customer Data, which include:

  • Access management policy addressing access control standards, including the framework and the principles for user provisioning.
  • Designated criticality tiers based on a Zero Trust Model architecture, including the requirements for multi-factor authentication on higher-tier services.
  • User provisioning for access to Orthogramic systems, applications, and infrastructure based on the relevant job role and on the least privilege principle enforced through authentication processes.
  • Strict role-based access controls for Orthogramic staff, allowing access to Customer Data only on a need-to-know basis.
  • Segregation of duties including but not limited to (i) access controls reviews, (ii) HR-application managed security groups, and (iii) workflow controls.
  • Prior approval of all user accounts by Orthogramic’s management before granting access to data, applications, infrastructure, or network components based on the data classification level; regular review of access rights as required by relevant role.
  • Use of technical controls such as virtual private network (VPN) and multi-factor authentication (MFA) where relevant based on information classification and Orthogramic’s Zero Trust Model architecture.
  • Centrally managed mobile device management (MDM) solution, including defined lockout periods and posture checks for endpoints and mobile devices.

2. Awareness and Training

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for conducting appropriate trainings and security awareness activities, which include:

  • Extensive awareness training on security, privacy, and compliance topics for all employees at induction and annually, utilizing diverse formats (online, in-person, and pre-recorded sessions, phishing simulations).
  • Targeted role-specific training for employees with elevated privileges to address relevant risks and enhance their specific knowledge base.
  • Maintenance of all training records in a designated learning management system.
  • An automated reminder for training deadlines, with a built-in escalation process to respective managers.
  • Continuous security awareness trainings (extending to contractors and partners), covering current threats and best security practices.
  • Secure coding trainings by security champions embedded within engineering teams.
  • Annual mandatory security trainings and events to reinforce security principles through different activities, emphasizing the collective responsibility for security.

3. Audit and Accountability

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for proper auditing and accountability purposes, which include:

  • Comprehensive logging standards as part of Orthogramic's policy management framework, with annual reviews and senior management approvals.
  • Secure forwarding and storage of relevant system logs to a centralized log platform of the cloud infrastructure with read-only access.
  • Monitoring of security audit logs to detect unusual activity, with established processes for reviewing and addressing anomalies.
  • Regular updates to the logging scope of information and system events for Products and related infrastructure in order to address new features and changes.
  • Utilizing time sync services from relevant cloud service providers (e.g. AWS or Microsoft Azure) for reliable timekeeping across all deployed instances.

4. Assessment, Authorisation and Monitoring

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for consistent system monitoring and security assessments, which include:

  • Extensive audit and assurance policies with annual reviews and updates.
  • A centralized internal policy program categorizing the global policies into different domains, including annual review and senior management approval of the program.
  • Audit management encompassing the planning, risk analysis, security control assessment, conclusion, remediation schedules, and review of past audit reports.
  • Internal and independent external audits conducting annual evaluations of legal and contractual requirements, as well as effectiveness of controls and processes to validate compliance.
  • Ongoing verification of compliance against relevant standards and regulations, e.g. ISO 27001 or SOC 2.
  • Systematically addressing any nonconformities found through audit findings taking into account the root-cause analysis, severity rating, and corrective actions, all documented and tracked meticulously.
  • Annual penetration testing on Products and proactive bug bounty programs for the detection and mitigation of vulnerabilities.
  • Continuous vulnerability scanning, with identified vulnerabilities remediated in line with Orthogramic's policy.

5. Configuration Management

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for appropriate configuration management, which include:

  • Change management policies covering the risk management for all internal and external asset changes, reviewed annually.
  • Standard procedures for change management applicable to encryption and cryptography for the secure handling of data (e.g. encryption keys) according to its security classification.
  • A centralized internal policy program categorizing the global policies into different domains, including annual review and senior management approval of the program.
  • Stringent policies encompassing (i) encryption, (ii) cryptography, (iii) endpoint management, and (iv) asset tracking in line with industry standards.
  • Established baselines and standards for change control that require testing documentation prior to implementation and authorized approval.
  • A peer review and green build process requiring multiple reviews and successful testing for production code and infrastructure changes.
  • A strict post-implementation testing and approval process for emergency changes to the code.
  • Comprehensive automated system supplemented by an Intrusion Detection System (IDS), managing and protecting against unauthorized changes.
  • Meticulous cataloguing and tracking of all physical and logical assets with annual reviews ensuring up-to-date asset management.

6. Contingency Planning

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for appropriate contingency planning for business continuity and disaster recovery purposes, which include:

  • A skilled workforce and robust IT infrastructure, including telecommunications and technology essential for Product delivery.
  • Business continuity and disaster recovery plans (“BCDR Plans”) including defined recovery time objectives (RTOs) and recovery point objectives (RPOs).
  • Business continuity plans encompassing data storage and continuity of use, reasonably designed to prevent interruption to access and utilization.
  • Geographic diversity as a result of our global workforce and cloud infrastructure.
  • Reinforcing business operations through resilience controls, such as daily backups, annual restoration testing, and alternative cloud infrastructure storage sites.
  • A resilience framework and procedures for response and remediation of cyber events to maintain business continuity.
  • Quarterly disaster recovery tests and exercises to enhance the response strategies, with post-test analyses for continuous improvement in line with the applicable BCDR Plans.
  • Continuous capacity management across Products, with internal monitoring and adjustments to maintain service availability and processing capacity, for example (distributed) denial-of-service attack (DDoS) mitigation for Products and related infrastructure.
  • A centralized internal policy program for annual reviews and updates of all global policies related to business continuity.
  • Robust backup protocols, including (i) data encryption, (ii) redundancy across data centers, and (iii) regular testing to bolster contingency planning.

7. Identification and Authentication

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for appropriate identification and authentication purposes, which include:

  • Employee identification uniquely through active directory, utilizing single sign-on (SSO) for application access.
  • Utilizing MFA for secure access, specifically for VPN and application launch via SSO based on Orthogramic’s Zero Trust Model architecture.
  • Password policies following the NIST 800-63B guidelines, focusing on the security aspects of password creation and management.
  • Ensuring the security of stored credentials using advanced encryption methods, e.g., password and secret management systems.
  • Documented approvals, regular reviews of users and accounts, and automatic syncs between the relevant identity system and HR systems to maintain the integrity and accuracy of identification data.

8. Security Incident Response

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for appropriate Security Incident response purposes, which include:

  • Security Incident response plans emphasizing preparedness, containment, eradication, and recovery, as well as focus on data protection and other regulatory requirements.
  • Dedicated cross-functional teams handling Security Incidents, ensuring effective communication and collaboration, including well-defined processes for triaging security events.
  • Regular testing of response plans with established metrics to track and improve Security Incident management effectiveness.
  • Annual reviews of company-wide incident response plans and policies to reflect and share current best practices across the company.
  • Post-incident review (PIR) with root cause analysis conducted for high-severity Security Incidents, focusing on systemic improvements and learning.
  • Incident response procedures and plans embedded in critical business processes to minimize downtime and security risks.
  • Published system availability information to aid in Security Incident handling and reporting at https://status.orthogramic.com/ as applicable.
  • The ability for Customer to report incidents, vulnerabilities, bugs, and issues, ensuring prompt attention to concerns related to system defects, availability, security, and confidentiality.
  • Commitment to Customer notification of the Security Incident without undue delay under Orthogramic’s Data Processing Addendum, including the obligation to assist the Customer with necessary information for compliance with Applicable Data Protection Laws.

9. Maintenance

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for continued effectiveness of its Products, which include:

  • Regular testing of BCDR Plans with quarterly evaluations, validated by external auditors.
  • Real-time monitoring of the availability of multiple regions, with regular tests performed for infrastructure availability and reliability.

10. Media Protection

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices to ensure the protection of media (internal and external), which include:

  • Using reliable 3rd party services (e.g. Microsoft Azure or AWS) to operate the physical infrastructure for processing Customer Data as a Sub-processor.
  • Sanitization and degaussing of used equipment by the 3rd party cloud service providers, including hard drives with Customer Data in line with industry standards (e.g. ISO 27001).
  • Full disk encryption using industry standards (e.g. AES-256) employed for data drives on servers and databases storing Customer Data, and on endpoint devices.
  • Internal bring your own device (BYOD) policy ensuring access to Customer Data is only possible via secure and compliant devices; restricting the access with technical controls (e.g. VPN) for all devices following Orthogramic’s Zero Trust Model architecture.
  • Unattended workspaces are required to have no visible confidential data, aligning with the secure workplace guidance.

11. Physical and Environmental Protection

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for the physical and environmental protection of Customer Data, which include:

  • A safe and secure working environment with controls implemented globally at Orthogramic's offices.
  • Employing badge readers, camera surveillance, and time-specific access restrictions for enhanced security.
  • Implementing and maintaining access logs at office buildings for investigative purposes.
  • Multiple compliance certifications and robust physical Security Processes, including biometric identity verification and on-premise security, implemented by 3rd party data center providers.
  • Controlled access points and advanced surveillance systems as well as protective measures for power and telecommunication cables, alongside environmental control systems, implemented by 3rd party data center providers.
  • Positioning critical equipment in low-risk environmental areas for added safety (both by Orthogramic and its 3rd party data center providers).

12. Planning

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for appropriate planning of business operations, which include:

  • Active monitoring and documentation by legal and compliance teams on regulatory obligations.
  • A detailed system security plan with comprehensive documentation on system boundaries and product descriptions.
  • Communication to internal users and customers about significant changes to key products and services.
  • Periodic reviews and updates of the security management program.

13. Program Management

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for appropriate program management, which include:

  • Supporting the security management program at the executive level, encompassing all security-related policies and practices.
  • Documented information security policies, including (i) defined roles, (ii) risk mitigation, and (iii) service provider security management program.
  • Periodic risk assessments of systems processing Customer Data, with prompt reviews of Security Incidents for corrective action.
  • Formal security controls framework aligning to standards such as SOC 2, ISO 27001, and NIST 800-53.
  • Processes for identifying and quantifying security risks, with mitigation plans approved by the Chief Trust Officer and regular tracking of implementation.
  • Comprehensive and diverse approach to security testing to cover a wide range of potential attack vectors.
  • Regular review, testing, and updating of the security management program (annually, at a minimum).
  • Development program for security staff with regular trainings; organizational chart that delineates roles and responsibilities.
  • Setting and review of strategic operational objectives by the executive management.
  • Annual review of the Enterprise Risk Management (ERM) framework, including the risk management policy, risk assessments, and fraud risk assessments, by the Head of Risk and Compliance.

14. Personnel Security

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls and practices for the security of all Orthogramic’s employees who have access to Customer Data, which include:

  • Pre-hire background checks, including criminal record inquiries, especially thorough for senior executive and accounting roles to the extent permissible under applicable local laws.
  • An extensive onboarding process including confidentiality agreements, employment contracts, and acknowledgment of various policies and codes of conduct.
  • Global and local employment policies, maintained and reviewed annually.
  • Processes for role changes and terminations including automatic de-provisioning and checklists for employee exits, with managerial approval required for re-provisioning access.
  • Ongoing security and compliance training for employees, with targeted training for specific roles and the presence of security champions in teams.
  • Hosting of an annual security awareness month to reinforce security education and celebrate achievements in maintaining organizational security.
  • Established disciplinary processes to manage violations of Orthogramic's policies.

15. Personal Data Processing and Transparency

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for the compliance of personal data processing in line with Applicable Data Protection Laws, which include:

  • A global privacy compliance program for reviewing and adapting to data protection laws including necessary safeguards and processes.
  • Maintaining an internal personal data processing policy with clear definitions of personal data categories, processing purposes, and processing principles.
  • Detailed standards for processing of various categories of personal data covering topics such as processing principles, applicable legal basis, retention, and destruction.
  • An established method to create pseudonymised data sets using industry standard practices and appropriate technical and organisational measures governing the systems capable of remapping pseudonymous identifiers.
  • Transparent privacy policies for its users and customers, as well as internal guidelines for employees.
  • Comprehensive compliance documentation, including but not limited to (i) processing activities, (ii) privacy impact assessments, (iii) transfer impact assessments, (iv) consents, and (v) data processing agreements with customers and vendors.
  • Secure development practices across all development lifecycle stages, focusing on security and data protection from the initial design phase.
  • Respecting the individual’s rights to access, correct, and delete their personal data in line with relevant data protection laws.

16. Risk Assessment

Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for a robust Information Security Management System, which include:

  • A comprehensive risk management program for identifying, assessing, and addressing various risks to support informed risk management decisions.
  • A policy program aligning company-wide policies with ISO 27001 and other relevant standards to mitigate associated risks.
  • Continuous security testing, including (i) penetration tests, (ii) bug bounties, and (iii) proactive threat mitigation.
  • Processes and metrics for reporting vulnerability management activities.
  • Thorough security evaluations, including independent external and internal audits.

17. System and Services Acquisition

  • Orthogramic has implemented and will maintain a structured, security-centric methodology for system development, maintenance, and change management, which includes:
  • An agile secure software development life cycle for adaptability, efficiency, and thorough review and documentation of system and infrastructure changes.
  • Secure, standardized application deployment with automated processes for system configuration changes and deployment.
  • Defined development process with peer-reviewed pull requests and mandatory automated tests prior to merging.
  • Segregated responsibilities for change management among designated employees.
  • Emergency change processes, including "break glass" procedures, ensuring readiness for rapid response during critical incidents.
  • Robust compliance settings in Orthogramic’s source code and deployment systems (e.g., Bitbucket Cloud) preventing unauthorized alterations.
  • Clear documentation and monitoring of all configuration changes, with automatic alerts for non-compliance or alterations in peer review enforcement.
  • Strict controls over modifications to vendor software.
  • Regular scanning and updates of third-party or open-source libraries as well as ongoing scanning of the code base.

18. System and Communications Protection

  • Orthogramic has implemented and will maintain a comprehensive set of formal policies, controls, and practices for system and communication protection which include:
  • Cryptographic mechanisms to safeguard sensitive information stored and transmitted over networks, including public internet, using reliable and secure encryption technologies.
  • Encryption of Customer Data at rest and in transit using TLS 1.2+ with Perfect Forward Secrecy (PFS) across public networks.
  • Zone restrictions and environment separation limiting connectivity between production and non-production environments.
  • Continuous management of workstation assets including (i) security patch deployment, (ii) password protection, (iii) screen locks, and (iv) drive encryption through asset management software.
  • Restricting access to only known and compliant devices enrolled in the MDM platform, adhering to the principles of Zero Trust Model architecture.
  • Maintaining firewalls at corporate edges for both platform and non-platform hosted devices for additional layers of security.
  • Network and host defense including (i) operating system hardening, (ii) network segmentation, and (iii) data loss prevention technologies.
  • Established measures to ensure Customer Data is kept logically segregated from other customers' data.

19. System and Information Integrity

  • Orthogramic has implemented and will maintain formally established policies and practices that include the following controls and safeguards relevant for system and information integrity, in particular:
  • Ongoing vulnerability scans to ensure prompt identification and remediation of vulnerabilities.
  • Adherence to stringent data disposal protocols in line with applicable laws, reasonably ensuring that data from storage media is irrecoverable post-sanitization.
  • Strict policies to prevent the use of production data in non-production environments, ensuring data integrity and segregation.
  • Centrally managed, read-only system logs; monitoring for Security Incidents; retention policies aligned with security best practices.
  • Managing endpoint compatibility with systems and applications, enhancing network security and reliability.
  • Deploying anti-malware strategies on the relevant infrastructure and Orthogramic devices for robust protection against malware threats with regular updates to malware protection policies and detection tools.
  • Unique identifiers and token-based access control ensure logical isolation and secure, limited access to Customer Data.

20. Supply Chain Risk Management

  • Orthogramic has implemented and will maintain formally established policies and practices for supply chain risk management, which include:
  • A formal framework for managing vendor relationships, aligning the security, availability, and confidentiality standards of suppliers throughout their lifecycle.
  • A robust third party risk management (TPRM) assessment process including risk assessments, due diligence, contract management, and ongoing monitoring of all third parties.
  • Dedicated teams, including legal, procurement, security, and risk departments for the review of contracts, SLAs, and Security Processes to manage risks related to security and data confidentiality.
  • Functional risk assessments for suppliers before onboarding and periodically, based on risk levels, with revisions during policy renewals or significant relationship changes.
  • An inventory of all suppliers detailing ownership and risk levels associated with the services provided to Orthogramic.
  • Yearly review of audit reports (e.g., SOC 2) and regular reviews of IT governance policies and security assessments of the supply chain to ensure controls are both appropriate and effectively compliant.
  • Measures to secure third-party endpoints, focusing on compliance monitoring and selective restrictions based on the mobile & bring your own device policy.

Training Services Policy

TRAINING TERMS OF USE

Through the Service, you’ll be able to access our library of training courses (“Courses”) for our products and services (“Orthogramic Products”). For the purposes of these Training Terms of Use, the Courses and Materials (as defined below) are deemed to be part of the “Service.”

By accessing the Service or ordering any Course, you are agreeing to Orthogramic’s Training Terms of Use and all other policies or notices posted by us through the Service or referenced herein (collectively, these “Training Terms”). These Training Terms govern your initial access to the Service and any subsequent order of Courses you make via any ordering document, online registration, order description, or order confirmation referencing these Training Terms (“Order”). If you don’t agree to these Training Terms, do not access the Service. These Training Terms apply no matter how you access the Service, whether on our website, via our mobile applications, or through other means. If you are accessing or using the Service on behalf of your company, you represent that you are authorized to accept these Training Terms on behalf of your company, and all references to “you” reference your company. Any use of or access to the Service by anyone under the age of 16 is prohibited.

For the avoidance of doubt, use and provisioning of Orthogramic Products are subject to separate terms, such as our Customer Agreement, and these Training Terms do not apply to use of or access to the Orthogramic Products.

From time to time, we may modify these Training Terms. Unless we specify otherwise, changes become effective upon our posting of the updated Training Terms, and the updated Training Terms will apply to all purchases made after they are posted. We will use reasonable efforts to notify you of the changes through communications via the Service, email, or other means.

THE SERVICE

  • 1.1. Access to the Service. You may access the Service via your accounts for Orthogramic Products to view the Courses you have purchased, but solely for your own benefit and in accordance with these Training Terms. You acknowledge that we may use your personal data (including for registration for Courses) in accordance with our Privacy Policy and that such personal data is processed and stored in Australia. You will ensure that your use of the Service and all User Content (as defined below) is at all times in compliance with all applicable laws.
  • 1.2. Materials. Courses may include supplementary materials that you may download or otherwise access online, including Course descriptions, toolkits, and other written materials designed to supplement your training (“Materials”). If any Materials are provided with the Courses you have purchased, then subject to these Training Terms, Orthogramic hereby grants you a non-transferable, non-sublicensable, non-exclusive license to copy and use the Materials solely for your personal, non-commercial, educational use in connection with the applicable Courses.
  • 1.3. We may use the services of subcontractors and permit them to exercise the rights granted to us in order to provide the Service under these Terms. From time to time, we may add, remove, or change the Courses we offer to you or otherwise modify the Service. We will use reasonable efforts to notify you of any addition or removal of Courses.
  • 1.4. General Restrictions. You will not (and will not permit any third party to): (a) rent, lease, sell, provide access to or sublicense the Service to a third party; (b) use the Service to provide any product or service to a third party; (c) reverse engineer, decompile, disassemble, or otherwise seek to obtain the source code or non-public APIs to the Service; (d) copy or modify the Service, or create any derivative work from any of the foregoing; (e) remove or obscure any proprietary or other notices contained in the Service; or (f) publicly disseminate information regarding the performance of the Service.

OWNERSHIP AND USER CONTENT

  • 3.1. Ownership of the Service. You agree that we or our suppliers retain all right, title and interest (including all patent, copyright, trademark, trade secret and other intellectual property rights) in and to the Service. Except as expressly set forth in these Training Terms, no rights in the Service are granted to you.
  • 3.2. Feedback. We look forward to receiving your comments, requests, and other feedback regarding the Service and you agree that we are free to incorporate and use your feedback without restriction of any kind, including in our promotional materials, in a manner that is attributable back to you.
  • 3.3. User Content. The Service may enable you to share your content, such as projects, assignments, and the like (“User Content”), with us, instructors, and/or other users. For the avoidance of doubt, any User Content does not constitute “Materials” for the purposes of these Training Terms. You retain all intellectual property rights in, and are responsible for, the User Content you share. Your use of the Service and all User Content must comply with our Acceptable Use Policy at all times. To the extent that you provide User Content, you grant us a royalty-free, perpetual, sublicensable, transferable, non-exclusive, worldwide license to copy, distribute, modify, create derivative works of, publicly perform, publicly display, and otherwise use the User Content. We do not promise to store or make available on the Service any User Content for any length of time. We reserve the right to remove or modify User Content for any reason, including User Content that we believe violates these Training Terms.
  • 3.4. No Confidential Information. You should not provide to us any information that you consider confidential (including in any feedback or User Content you provide) and you agree that we are not subject to any confidentiality obligations or use restrictions related to information or materials that you may provide to us in relation to the Service.

FEES & PAYMENT; REFUNDS

  • 4.1. Fees and Payment. You are responsible for paying all fees for Courses you purchase as set forth in the applicable Order with a payment mechanism permitted during the Order process. You are required to pay any sales, use, GST, value-added, withholding, or similar taxes or levies, whether domestic or foreign, other than taxes based on our income. If your payment method fails or your account is past due, we may collect fees using other collection mechanisms. Fees may vary based on your location and other factors, and we reserve the right to change any fees at any time at our sole discretion. Any fee change will be effective immediately upon posting through the Service.
  • 4.2. Refunds. If Orthogramic cancels a workshop delivery, Orthogramic will provide the option to reschedule to a later available date that is within 12 months of the purchase date. Workshop sessions cancelled or rescheduled by the customer within 15 business days of the scheduled delivery are subject to a 50% fee of the workshop purchase price. Cancellations or re-schedules within five business days are subject to a 100% fee of the workshop purchase price. Cancellation requests must be submitted in writing.

TERM AND TERMINATION

  • 5.1. Term and Termination. These Training Terms are effective as of the earlier of (a) the date you first access or use the Service or (b) the date of your first Order, and continue in effect while you are accessing the Courses. We may terminate these Training Terms and your access to the Service at any time upon notice to you if you breach these Training Terms.
  • 5.2. Effect of Termination. Upon any expiration or termination of these Training Terms, you will immediately cease any and all use of and access to the Service. Provided these Training Terms were not terminated for your breach, you may retain copies of any Materials, so long as you do not copy, distribute or otherwise use them in violation of these Training Terms. Except where an exclusive remedy is specified, the exercise by either party of any remedy under these Training Terms, including termination, will be without prejudice to any other remedies it may have under these Training Terms, by law, or otherwise.
  • 5.3. Survival. The following Sections will survive any expiration or termination of these Training Terms: 1.4 (General Restrictions), 3 (Ownership and User Content), 4 (Fees & Payment; Refunds), 5 (Term and Termination).